├── docker-image ├── modules ├── gaming │ └── default.nix ├── development │ ├── default.nix │ └── git.nix ├── hardware │ ├── default.nix │ └── gpu │ │ ├── default.nix │ │ └── detection.nix ├── virtualization │ ├── default.nix │ └── qemu.nix ├── profiles │ └── default.nix ├── services │ └── default.nix ├── desktop │ ├── default.nix │ ├── graphics.nix │ ├── gnome.nix │ ├── audio.nix │ └── fonts.nix ├── security │ └── default.nix ├── core │ ├── default.nix │ ├── locale.nix │ ├── networking.nix │ ├── boot.nix │ ├── security.nix │ ├── users.nix │ └── nix.nix ├── installer │ ├── default.nix │ ├── base.nix │ └── desktop-installer.nix ├── default.nix ├── wsl │ └── default.nix ├── packages │ ├── default.nix │ ├── gaming.nix │ ├── core-system.nix │ ├── server-admin.nix │ └── server-tools.nix └── presets │ ├── default.nix │ ├── workstation.nix │ └── laptop.nix ├── .markdownlint.json ├── pkgs └── default.nix ├── secrets ├── keys │ ├── .gitignore │ └── README.md ├── .gitignore └── secrets.nix ├── home ├── packages │ ├── gaming.nix │ ├── virtualization.nix │ ├── development.nix │ ├── core-system.nix │ ├── server-tools.nix │ └── desktop-productivity.nix ├── users │ ├── default.nix │ ├── vscode-settings.json │ ├── minimal.nix │ └── user.nix ├── common │ ├── packages │ │ ├── essential.nix │ │ ├── development.nix │ │ └── desktop.nix │ ├── base.nix │ └── git.nix ├── examples │ ├── developer-desktop.nix │ ├── server-admin.nix │ └── gamer-kde.nix ├── roles │ ├── minimal.nix │ └── developer.nix └── profiles │ ├── headless.nix │ ├── kde.nix │ └── gnome.nix ├── hosts ├── installer-isos │ ├── preconfigured-installer.nix │ ├── minimal-installer.nix │ └── desktop-installer.nix ├── test-vm │ ├── home.nix │ ├── configuration.nix │ └── hardware-configuration.nix ├── test-laptop │ ├── home.nix │ ├── configuration.nix │ └── hardware-configuration.nix ├── macos-vms │ ├── desktop-macos │ │ └── home.nix │ ├── server-macos │ │ └── home.nix │ └── laptop-macos │ │ └── home.nix ├── test-workstation │ 
├── home.nix │ ├── configuration.nix │ └── hardware-configuration.nix ├── laptop-template │ └── hardware-configuration.nix ├── test-server │ ├── home.nix │ ├── configuration.nix │ └── hardware-configuration.nix ├── desktop-template │ ├── hardware-configuration.nix │ ├── home-minimal.nix │ ├── home.nix │ └── configuration.nix ├── test-gaming │ ├── configuration.nix │ ├── hardware-configuration.nix │ └── home.nix ├── example-desktop │ ├── home.nix │ ├── hardware-configuration.nix │ ├── secrets.nix │ └── home-original.nix ├── common.nix ├── server-template │ └── hardware-configuration.nix ├── desktop-template-new │ └── configuration.nix ├── laptop-template-new │ └── configuration.nix ├── microvm │ ├── home.nix │ └── hardware-configuration.nix ├── virtualbox-vm │ ├── hardware-configuration.nix │ ├── home.nix │ └── configuration.nix ├── server-template-new │ └── configuration.nix ├── wsl2-template │ └── hardware-configuration.nix ├── kde-test │ ├── hardware-configuration.nix │ └── configuration.nix ├── qemu-vm │ ├── hardware-configuration.nix │ └── configuration.nix ├── example-server │ └── hardware-configuration.nix └── desktop-test │ ├── hardware-configuration.nix │ └── home.nix ├── templates ├── preset-home-config.nix ├── preset-host-config.nix └── preset-hardware-config.nix ├── .markdownlint.yaml ├── overlays └── default.nix ├── lib ├── mkHost.nix └── darwin-configs.nix ├── docker ├── Dockerfile └── templates │ └── desktop-template.nix ├── vm-test-config ├── hardware-configuration.nix ├── secrets.nix └── home.nix ├── .gitignore ├── shell.nix ├── .github └── workflows │ └── format.yml ├── docs ├── WINDOWS-QUICK-REFERENCE.md └── CHANGELOG.md └── scripts └── rebuild.sh /docker-image: -------------------------------------------------------------------------------- 1 | /nix/store/2wk2673w9d9fhccfsw0mr40xdai6ba37-nixos-vm-builder.tar.gz -------------------------------------------------------------------------------- /modules/gaming/default.nix: 
-------------------------------------------------------------------------------- 1 | { 2 | imports = [ 3 | ./steam.nix 4 | ]; 5 | } 6 | -------------------------------------------------------------------------------- /modules/development/default.nix: -------------------------------------------------------------------------------- 1 | { ... }: 2 | 3 | { 4 | imports = [ 5 | ./git.nix 6 | ]; 7 | } 8 | -------------------------------------------------------------------------------- /.markdownlint.json: -------------------------------------------------------------------------------- 1 | { 2 | "MD013": { "line_length": 120 }, 3 | "MD033": false, 4 | "MD041": false, 5 | "MD046": { "style": "fenced" } 6 | } 7 | -------------------------------------------------------------------------------- /pkgs/default.nix: -------------------------------------------------------------------------------- 1 | # Custom packages 2 | _pkgs: { 3 | # Example custom package 4 | # my-custom-package = pkgs.callPackage ./my-custom-package { }; 5 | } 6 | -------------------------------------------------------------------------------- /modules/hardware/default.nix: -------------------------------------------------------------------------------- 1 | { ... }: 2 | 3 | { 4 | imports = [ 5 | ./detection.nix 6 | ./gpu 7 | ./auto-optimization.nix 8 | ]; 9 | } 10 | -------------------------------------------------------------------------------- /modules/virtualization/default.nix: -------------------------------------------------------------------------------- 1 | { ... }: 2 | 3 | { 4 | imports = [ 5 | ./guest-optimizations.nix 6 | ./microvm.nix 7 | ./qemu.nix 8 | ]; 9 | } 10 | -------------------------------------------------------------------------------- /modules/hardware/gpu/default.nix: -------------------------------------------------------------------------------- 1 | { ... 
}: 2 | 3 | { 4 | imports = [ 5 | ./amd.nix 6 | ./nvidia.nix 7 | ./intel.nix 8 | ./detection.nix 9 | ]; 10 | } 11 | -------------------------------------------------------------------------------- /modules/profiles/default.nix: -------------------------------------------------------------------------------- 1 | # Profiles module entry point 2 | # Provides profile-based system configurations 3 | 4 | { 5 | imports = [ 6 | ./workstation.nix 7 | ]; 8 | } 9 | -------------------------------------------------------------------------------- /modules/services/default.nix: -------------------------------------------------------------------------------- 1 | # Services modules 2 | # Additional service configurations 3 | 4 | { ... }: 5 | 6 | { 7 | imports = [ 8 | ./monitoring.nix 9 | ]; 10 | } 11 | -------------------------------------------------------------------------------- /secrets/keys/.gitignore: -------------------------------------------------------------------------------- 1 | # Keys directory 2 | 3 | # Keep public keys (NOTE(review): a bare pattern ignores rather than keeps; these two lines are superseded by the `!` negations after `*` below, which are what actually keep *.pub files tracked) 4 | *.pub 5 | *.age.pub 6 | 7 | # Ignore private keys (these should never be committed); matching is by file name only, and an ignore rule neither untracks a file that is already committed nor blocks `git add -f` 8 | * 9 | !*.pub 10 | !*.age.pub 11 | !.gitignore 12 | !README.md 13 | -------------------------------------------------------------------------------- /modules/desktop/default.nix: -------------------------------------------------------------------------------- 1 | { ... }: 2 | 3 | { 4 | imports = [ 5 | ./gnome.nix 6 | ./kde.nix 7 | ./hyprland.nix 8 | ./niri.nix 9 | ./fonts.nix 10 | ./audio.nix 11 | ./graphics.nix 12 | ]; 13 | } 14 | -------------------------------------------------------------------------------- /modules/security/default.nix: -------------------------------------------------------------------------------- 1 | { ... 
}: 2 | 3 | { 4 | imports = [ 5 | ./agenix.nix # Standardized on agenix for secrets management 6 | ./firewall.nix 7 | ./hardening.nix # Advanced security hardening 8 | # ./sops.nix # Legacy - migrated to agenix 9 | ]; 10 | } 11 | -------------------------------------------------------------------------------- /modules/core/default.nix: -------------------------------------------------------------------------------- 1 | { ... }: 2 | 3 | { 4 | imports = [ 5 | ./boot.nix 6 | ./locale.nix 7 | ./networking.nix 8 | ./nix.nix 9 | ./nix-optimization.nix 10 | ./performance.nix 11 | ./security.nix 12 | ./system-identification.nix 13 | ./users.nix 14 | ]; 15 | } 16 | -------------------------------------------------------------------------------- /modules/installer/default.nix: -------------------------------------------------------------------------------- 1 | # Installer modules 2 | # These are configurations for NixOS installers and live systems 3 | 4 | { ... }: 5 | 6 | { 7 | imports = [ 8 | ./base.nix 9 | ./minimal-installer.nix 10 | ./desktop-installer.nix 11 | ./preconfigured-installer.nix 12 | ]; 13 | } 14 | -------------------------------------------------------------------------------- /home/packages/gaming.nix: -------------------------------------------------------------------------------- 1 | # Gaming applications and tools 2 | { pkgs, ... 
}: 3 | 4 | { 5 | home.packages = with pkgs; [ 6 | # Game launchers and platforms 7 | lutris 8 | heroic 9 | steam-run 10 | 11 | # Gaming utilities 12 | gamemode 13 | gamescope 14 | mangohud 15 | ]; 16 | } 17 | -------------------------------------------------------------------------------- /modules/default.nix: -------------------------------------------------------------------------------- 1 | # Explicit module imports 2 | { 3 | imports = [ 4 | ./core 5 | ./desktop 6 | ./development 7 | ./gaming 8 | ./hardware 9 | ./presets 10 | ./profiles 11 | ./security 12 | ./services 13 | ./virtualization 14 | ./wsl 15 | ./template.nix 16 | ]; 17 | } 18 | -------------------------------------------------------------------------------- /hosts/installer-isos/preconfigured-installer.nix: -------------------------------------------------------------------------------- 1 | # Preconfigured installer ISO configuration 2 | { ... }: 3 | 4 | { 5 | imports = [ 6 | ../../modules/installer/preconfigured-installer.nix 7 | ]; 8 | 9 | # This is the full-featured installer with all templates ready to use 10 | # Additional customizations can be added here 11 | } 12 | -------------------------------------------------------------------------------- /secrets/.gitignore: -------------------------------------------------------------------------------- 1 | # Agenix secrets directory 2 | 3 | # Keep encrypted secrets (.age files) (NOTE(review): this bare pattern ignores; the `!*.age` negation after `*` below is what keeps them tracked, and it matches on the file name only, not on whether the content is actually encrypted) 4 | *.age 5 | 6 | # Ignore decrypted secrets (these should never be committed); an ignore rule neither untracks a file that is already committed nor blocks `git add -f` 7 | * 8 | !*.age 9 | !.gitignore 10 | !secrets.nix 11 | !keys/ 12 | !README.md 13 | 14 | # Keep the keys directory structure (from this file alone every other file under keys/ is ignored, *.pub included; public keys are re-included only by the negations in keys/.gitignore) 15 | keys/* 16 | !keys/.gitignore 17 | !keys/README.md 18 | -------------------------------------------------------------------------------- /modules/wsl/default.nix: -------------------------------------------------------------------------------- 1 | # WSL-specific modules for NixOS on WSL2 2 | # These modules provide optimizations and integrations specific to WSL environments 
3 | 4 | { ... }: 5 | 6 | { 7 | imports = [ 8 | ./interop.nix 9 | ./networking.nix 10 | ./optimization.nix 11 | # ./systemd.nix # Temporarily disabled due to syntax issues 12 | ]; 13 | } 14 | -------------------------------------------------------------------------------- /hosts/test-vm/home.nix: -------------------------------------------------------------------------------- 1 | # test-vm Home Configuration 2 | # Generated using: just new-host test-vm vm-guest 3 | { ... }: 4 | 5 | { 6 | imports = [ 7 | ../../home/users/user.nix 8 | ]; 9 | 10 | # Host-specific home configuration 11 | home = { 12 | username = "user"; 13 | homeDirectory = "/home/user"; 14 | stateVersion = "25.05"; 15 | }; 16 | 17 | # Add any test-vm-specific home-manager settings here 18 | } 19 | -------------------------------------------------------------------------------- /modules/packages/default.nix: -------------------------------------------------------------------------------- 1 | # Package modules directory 2 | # Shared package sets to reduce redundancy in systemPackages 3 | 4 | { 5 | # Import all package modules (Darwin packages are conditional internally) 6 | imports = [ 7 | ./core-system.nix 8 | ./development.nix 9 | ./desktop-apps.nix 10 | ./gaming.nix 11 | ./server-admin.nix 12 | ./server-tools.nix 13 | ./darwin-packages.nix 14 | ]; 15 | } 16 | -------------------------------------------------------------------------------- /templates/preset-home-config.nix: -------------------------------------------------------------------------------- 1 | # HOSTNAME Home Configuration 2 | # Generated using: just new-host HOSTNAME PRESET 3 | { ... 
}: 4 | 5 | { 6 | imports = [ 7 | ../../home/users/user.nix 8 | ]; 9 | 10 | # Host-specific home configuration 11 | home = { 12 | username = "user"; 13 | homeDirectory = "/home/user"; 14 | stateVersion = "25.05"; 15 | }; 16 | 17 | # Add any HOSTNAME-specific home-manager settings here 18 | } 19 | -------------------------------------------------------------------------------- /hosts/test-laptop/home.nix: -------------------------------------------------------------------------------- 1 | # test-laptop Home Configuration 2 | # Generated using: just new-host test-laptop laptop 3 | { ... }: 4 | 5 | { 6 | imports = [ 7 | ../../home/users/user.nix 8 | ]; 9 | 10 | # Host-specific home configuration 11 | home = { 12 | username = "user"; 13 | homeDirectory = "/home/user"; 14 | stateVersion = "25.05"; 15 | }; 16 | 17 | # Add any test-laptop-specific home-manager settings here 18 | } 19 | -------------------------------------------------------------------------------- /modules/core/locale.nix: -------------------------------------------------------------------------------- 1 | { lib, ... }: 2 | 3 | { 4 | # Internationalization (en_US.UTF-8 is NixOS default) 5 | i18n.defaultLocale = "en_US.UTF-8"; 6 | 7 | # Time zone (users should set this in host config) 8 | time.timeZone = lib.mkDefault "UTC"; 9 | 10 | # Console uses X keyboard config by default (keep mkDefault - VMs may override) 11 | console.useXkbConfig = lib.mkDefault true; 12 | 13 | # Keyboard layout defaults to "us" - no need to explicitly set 14 | } 15 | -------------------------------------------------------------------------------- /home/packages/virtualization.nix: -------------------------------------------------------------------------------- 1 | # Virtualization and container tools 2 | { pkgs, ... 
}: 3 | 4 | { 5 | home.packages = with pkgs; [ 6 | # QEMU and VM utilities 7 | qemu-utils 8 | virt-manager 9 | libvirt 10 | 11 | # Container tools 12 | docker 13 | docker-compose 14 | podman 15 | buildah 16 | 17 | # Cloud tools 18 | terraform 19 | kubectl 20 | helm 21 | 22 | # System utilities for VMs 23 | spice-vdagent 24 | qemu-guest-agent 25 | ]; 26 | } 27 | -------------------------------------------------------------------------------- /home/users/default.nix: -------------------------------------------------------------------------------- 1 | { ... }: 2 | 3 | { 4 | # Available user templates 5 | # 6 | # To use a user template: 7 | # 1. Copy the desired template to your hostname directory 8 | # 2. Import it in your Home Manager configuration 9 | # 3. Customize as needed 10 | # 11 | # Example: 12 | # cp home/users/developer.nix hosts/my-host/home.nix 13 | # # Then edit hosts/my-host/home.nix to customize 14 | 15 | imports = [ 16 | # Default user configuration (referenced by flake) 17 | ./user.nix 18 | ]; 19 | } 20 | -------------------------------------------------------------------------------- /.markdownlint.yaml: -------------------------------------------------------------------------------- 1 | # Markdownlint configuration 2 | # See https://github.com/DavidAnson/markdownlint/blob/main/doc/Rules.md 3 | # Disable line length check (MD013) for compatibility with various screen sizes 4 | MD013: false 5 | # Allow inline HTML for better documentation formatting 6 | MD033: false 7 | # Allow duplicate headers in different sections 8 | MD024: 9 | allow_different_nesting: true 10 | # Allow bare URLs for simplicity in documentation 11 | MD034: false 12 | # Trailing punctuation in headers 13 | MD026: 14 | punctuation: ".,;:!" 
15 | -------------------------------------------------------------------------------- /home/packages/development.nix: -------------------------------------------------------------------------------- 1 | # Development tools and utilities 2 | { pkgs, ... }: 3 | 4 | { 5 | home.packages = with pkgs; [ 6 | # Code editors and IDEs 7 | vscode 8 | jetbrains.idea-community 9 | 10 | # Development utilities 11 | docker-compose 12 | postman 13 | dbeaver-bin 14 | 15 | # Shell and terminal tools 16 | jq 17 | yq 18 | strace 19 | lsof 20 | 21 | # Network development tools 22 | netcat 23 | socat 24 | rsync 25 | openssh 26 | 27 | # Archive and compression 28 | p7zip 29 | unrar 30 | ]; 31 | } 32 | -------------------------------------------------------------------------------- /modules/packages/gaming.nix: -------------------------------------------------------------------------------- 1 | # Gaming applications and utilities 2 | # Game launchers, streaming, and content creation 3 | { pkgs, ... }: 4 | 5 | { 6 | environment.systemPackages = with pkgs; [ 7 | # Game platforms 8 | steam 9 | lutris 10 | heroic 11 | 12 | # Gaming utilities 13 | mangohud 14 | goverlay 15 | gamemode 16 | gamescope 17 | 18 | # Game development 19 | godot_4 20 | 21 | # Content creation and streaming 22 | obs-studio 23 | kdePackages.kdenlive 24 | discord 25 | 26 | # Network analysis for gaming 27 | wireshark 28 | ]; 29 | } 30 | -------------------------------------------------------------------------------- /hosts/installer-isos/minimal-installer.nix: -------------------------------------------------------------------------------- 1 | # Minimal installer ISO configuration 2 | { pkgs, ... 
}: 3 | 4 | { 5 | imports = [ 6 | ../../modules/installer/minimal-installer.nix 7 | ]; 8 | 9 | # Keep it truly minimal - just add essential template support 10 | environment.systemPackages = with pkgs; [ 11 | # Template tools 12 | just 13 | 14 | # Essential development 15 | git 16 | ]; 17 | 18 | # Include template for reference. NOTE(review): `source = ../..` copies the repository into the world-readable Nix store and, through /etc, onto the installer image. A flake evaluated from git copies only tracked files; a plain path evaluation copies the whole working tree, git-ignored files such as decrypted secrets or private keys under secrets/ included. Consider a filtered source (builtins.path with a filter, or lib.cleanSourceWith) that excludes secrets/. 19 | environment.etc."nixos-template" = { 20 | source = ../..; # Root of this repository (from hosts/installer-isos/) 21 | mode = "0755"; 22 | }; 23 | } 24 | -------------------------------------------------------------------------------- /home/packages/core-system.nix: -------------------------------------------------------------------------------- 1 | # Core system packages used across most configurations 2 | { pkgs, ... }: 3 | 4 | { 5 | home.packages = with pkgs; [ 6 | # Essential file utilities 7 | file 8 | which 9 | tree 10 | unzip 11 | zip 12 | 13 | # Network utilities 14 | curl 15 | wget 16 | dig 17 | traceroute 18 | 19 | # Text editors 20 | nano 21 | vim 22 | 23 | # Version control 24 | git 25 | 26 | # System monitoring 27 | htop 28 | 29 | # Hardware utilities 30 | pciutils 31 | usbutils 32 | lshw 33 | 34 | # Network analysis 35 | nmap 36 | ]; 37 | } 38 | -------------------------------------------------------------------------------- /home/packages/server-tools.nix: -------------------------------------------------------------------------------- 1 | # Server administration and monitoring tools 2 | { pkgs, ... 
}: 3 | 4 | { 5 | home.packages = with pkgs; [ 6 | # System administration 7 | systemctl-tui 8 | btop 9 | iotop 10 | nethogs 11 | 12 | # Network utilities 13 | tcpdump 14 | wireshark-cli 15 | iftop 16 | bandwhich 17 | 18 | # Log analysis 19 | lnav 20 | multitail 21 | 22 | # Backup and sync 23 | borgbackup 24 | duplicity 25 | 26 | # Database tools 27 | postgresql 28 | redis 29 | sqlite 30 | 31 | # Monitoring 32 | prometheus-node-exporter 33 | grafana-agent 34 | ]; 35 | } 36 | -------------------------------------------------------------------------------- /home/packages/desktop-productivity.nix: -------------------------------------------------------------------------------- 1 | # Desktop productivity applications 2 | { pkgs, ... }: 3 | 4 | { 5 | home.packages = with pkgs; [ 6 | # Web browsers 7 | firefox 8 | chromium 9 | 10 | # Office suite 11 | libreoffice 12 | evince 13 | 14 | # Email and communication 15 | thunderbird 16 | discord 17 | signal-desktop 18 | slack 19 | 20 | # Media and creativity 21 | gimp 22 | inkscape 23 | vlc 24 | audacity 25 | krita 26 | darktable 27 | 28 | # Graphics and design 29 | blender 30 | obs-studio 31 | 32 | # Cloud and sync 33 | rclone 34 | syncthing 35 | ]; 36 | } 37 | -------------------------------------------------------------------------------- /overlays/default.nix: -------------------------------------------------------------------------------- 1 | # Package overlays for custom packages and modifications 2 | {}: 3 | { 4 | # Default overlay - modify packages or add custom ones 5 | default = _final: _prev: { 6 | # Example: Override a package version 7 | # my-package = prev.my-package.overrideAttrs (old: { 8 | # version = "custom-version"; 9 | # }); 10 | 11 | # Example: Add custom packages 12 | # my-custom-tool = prev.callPackage ../pkgs/my-custom-tool { }; 13 | 14 | # Example: Patch existing package 15 | # firefox = prev.firefox.override { 16 | # cfg = { 17 | # enableTridactylNative = true; 18 | # }; 19 | # }; 20 | }; 21 | } 22 | 
-------------------------------------------------------------------------------- /hosts/macos-vms/desktop-macos/home.nix: -------------------------------------------------------------------------------- 1 | # Home Manager configuration for macOS Desktop VM 2 | # VM user environment 3 | 4 | { pkgs, ... }: 5 | 6 | { 7 | # This is a VM configuration, so we just import common home configuration 8 | imports = [ 9 | ../../common/home 10 | ]; 11 | 12 | # VM-specific overrides 13 | home = { 14 | username = "nixos"; 15 | homeDirectory = "/home/nixos"; 16 | stateVersion = "25.05"; 17 | }; 18 | 19 | # VM-specific packages 20 | home.packages = with pkgs; [ 21 | # VM guest tools 22 | spice-vdagent 23 | 24 | # Development tools for macOS VM testing 25 | git 26 | vim 27 | curl 28 | wget 29 | ]; 30 | } 31 | -------------------------------------------------------------------------------- /hosts/macos-vms/server-macos/home.nix: -------------------------------------------------------------------------------- 1 | # Home Manager configuration for macOS Server VM 2 | # VM user environment 3 | 4 | { pkgs, ... }: 5 | 6 | { 7 | # This is a VM configuration, so we just import common home configuration 8 | imports = [ 9 | ../../common/home 10 | ]; 11 | 12 | # VM-specific overrides 13 | home = { 14 | username = "server-admin"; 15 | homeDirectory = "/home/server-admin"; 16 | stateVersion = "25.05"; 17 | }; 18 | 19 | # VM-specific packages (minimal for server) 20 | home.packages = with pkgs; [ 21 | # VM guest tools 22 | spice-vdagent 23 | 24 | # Server tools for macOS VM testing 25 | git 26 | vim 27 | curl 28 | wget 29 | htop 30 | tree 31 | ]; 32 | } 33 | -------------------------------------------------------------------------------- /modules/packages/core-system.nix: -------------------------------------------------------------------------------- 1 | # Core system packages shared across configurations 2 | # Essential tools that should be available on most NixOS systems 3 | { pkgs, ... 
}: 4 | 5 | { 6 | environment.systemPackages = with pkgs; [ 7 | # Essential command-line tools 8 | wget 9 | curl 10 | git 11 | vim 12 | nano 13 | htop 14 | tree 15 | unzip 16 | zip 17 | rsync 18 | 19 | # System utilities 20 | pciutils 21 | usbutils 22 | psmisc 23 | lshw 24 | lm_sensors 25 | smartmontools 26 | 27 | # Network utilities 28 | dig 29 | iputils # ping, traceroute, etc. 30 | nmap 31 | tcpdump 32 | 33 | # File management 34 | file 35 | which 36 | ]; 37 | } 38 | -------------------------------------------------------------------------------- /hosts/macos-vms/laptop-macos/home.nix: -------------------------------------------------------------------------------- 1 | # Home Manager configuration for macOS Laptop VM 2 | # VM user environment 3 | 4 | { pkgs, ... }: 5 | 6 | { 7 | # This is a VM configuration, so we just import common home configuration 8 | imports = [ 9 | ../../common/home 10 | ]; 11 | 12 | # VM-specific overrides 13 | home = { 14 | username = "laptop-user"; 15 | homeDirectory = "/home/laptop-user"; 16 | stateVersion = "25.05"; 17 | }; 18 | 19 | # VM-specific packages 20 | home.packages = with pkgs; [ 21 | # VM guest tools 22 | spice-vdagent 23 | 24 | # Laptop simulation tools 25 | acpi 26 | powertop 27 | 28 | # Development tools for macOS VM testing 29 | git 30 | vim 31 | curl 32 | wget 33 | ]; 34 | } 35 | -------------------------------------------------------------------------------- /hosts/test-workstation/home.nix: -------------------------------------------------------------------------------- 1 | # test-workstation Home Configuration 2 | # Workstation setup with development tools and desktop environment 3 | { ... 
}: 4 | 5 | { 6 | imports = [ 7 | ../../home/roles/developer.nix # Development environment 8 | ../../home/profiles/gnome.nix # GNOME desktop 9 | ]; 10 | 11 | # User-specific information 12 | home = { 13 | username = "user"; 14 | homeDirectory = "/home/user"; 15 | }; 16 | 17 | # User-specific git configuration 18 | programs.git = { 19 | userName = "Test User"; 20 | userEmail = "test@workstation.local"; 21 | }; 22 | 23 | # Workstation-specific shell aliases 24 | programs.zsh = { 25 | shellAliases = { 26 | workstation-info = "neofetch"; 27 | dev-env = "cd ~/Development && code ."; 28 | }; 29 | }; 30 | } 31 | -------------------------------------------------------------------------------- /hosts/laptop-template/hardware-configuration.nix: -------------------------------------------------------------------------------- 1 | # Hardware Configuration Template 2 | # Generate your actual hardware config with: sudo nixos-generate-config 3 | { config, lib, ... }: { 4 | boot = { 5 | initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; 6 | kernelModules = [ "kvm-intel" ]; # Change to kvm-amd for AMD 7 | }; 8 | 9 | fileSystems = { 10 | "/" = { device = "/dev/disk/by-uuid/REPLACE-ROOT-UUID"; fsType = "ext4"; }; 11 | "/boot" = { device = "/dev/disk/by-uuid/REPLACE-BOOT-UUID"; fsType = "vfat"; }; 12 | }; 13 | 14 | swapDevices = [{ device = "/dev/disk/by-uuid/REPLACE-SWAP-UUID"; }]; 15 | 16 | nixpkgs.hostPlatform = "x86_64-linux"; 17 | hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; 18 | } 19 | -------------------------------------------------------------------------------- /modules/core/networking.nix: -------------------------------------------------------------------------------- 1 | { lib, ... 
}: 2 | 3 | { 4 | # Networking configuration 5 | networking = { 6 | # NetworkManager for desktop systems (keep mkDefault - some may want systemd-networkd) 7 | networkmanager.enable = lib.mkDefault true; 8 | 9 | # wpa_supplicant conflicts with NetworkManager (automatic) 10 | wireless.enable = false; 11 | 12 | # Fast DNS servers (opinionated choice for template). NOTE(review): these are third-party public resolvers; lookups sent to them are plain DNS unless encrypted DNS is configured elsewhere, and hosts that need an internal or split-horizon resolver should override this list. 13 | nameservers = [ 14 | "1.1.1.1" # Cloudflare 15 | "8.8.8.8" # Google 16 | ]; 17 | 18 | # Firewall configuration moved to modules/core/security.nix to avoid duplication (services.avahi.openFirewall below still opens a port from this file) 19 | }; 20 | 21 | # mDNS/DNS-SD support (keep mkDefault - not everyone wants mDNS) 22 | services.avahi = { 23 | enable = lib.mkDefault true; 24 | nssmdns4 = true; 25 | nssmdns6 = true; 26 | openFirewall = true; # NOTE(review): set without mkDefault, so every host that keeps avahi enabled accepts mDNS (UDP 5353) through the firewall regardless of the rules in modules/core/security.nix; review for server and untrusted-network hosts 27 | }; 28 | } 29 | -------------------------------------------------------------------------------- /hosts/test-server/home.nix: -------------------------------------------------------------------------------- 1 | # test-server Home Configuration 2 | # Server administration setup without GUI 3 | { ... 
}: 4 | 5 | { 6 | imports = [ 7 | ../../home/roles/server-admin.nix # Server administration tools 8 | ../../home/profiles/headless.nix # No GUI configuration 9 | ]; 10 | 11 | # User-specific information 12 | home = { 13 | username = "user"; 14 | homeDirectory = "/home/user"; 15 | }; 16 | 17 | # User-specific git configuration 18 | programs.git = { 19 | userName = "Test Server Admin"; 20 | userEmail = "admin@test-server.local"; 21 | }; 22 | 23 | # Server-specific shell aliases 24 | programs.bash = { 25 | shellAliases = { 26 | server-status = "systemctl status nginx postgresql"; 27 | check-load = "uptime && free -h && df -h"; 28 | server-logs = "journalctl -f -u nginx -u postgresql"; 29 | }; 30 | }; 31 | } 32 | -------------------------------------------------------------------------------- /modules/packages/server-admin.nix: -------------------------------------------------------------------------------- 1 | # Server administration packages 2 | # Monitoring, networking, and system administration tools 3 | { pkgs, ... 
}: 4 | 5 | { 6 | environment.systemPackages = with pkgs; [ 7 | # System monitoring 8 | htop 9 | btop 10 | iotop 11 | nethogs 12 | bandwhich 13 | 14 | # Network utilities 15 | tcpdump 16 | wireshark-cli 17 | iftop 18 | iproute2 # provides ss command 19 | net-tools # provides netstat 20 | 21 | # Text editors 22 | vim 23 | nano 24 | 25 | # Terminal multiplexers 26 | tmux 27 | screen 28 | 29 | # File transfer and sync 30 | rsync 31 | openssh # provides scp 32 | 33 | # System analysis 34 | strace 35 | ltrace 36 | lsof 37 | 38 | # Log management 39 | # Note: journalctl is part of systemd, always available 40 | logrotate 41 | ]; 42 | } 43 | -------------------------------------------------------------------------------- /hosts/desktop-template/hardware-configuration.nix: -------------------------------------------------------------------------------- 1 | # Hardware Configuration Template 2 | # Generate your actual hardware config with: sudo nixos-generate-config 3 | { config, lib, ... }: { 4 | # Replace with your actual hardware modules 5 | boot = { 6 | initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "sd_mod" ]; 7 | kernelModules = [ "kvm-intel" ]; # Change to kvm-amd for AMD 8 | }; 9 | 10 | # Replace UUIDs with your actual values 11 | fileSystems = { 12 | "/" = { device = "/dev/disk/by-uuid/REPLACE-ROOT-UUID"; fsType = "ext4"; }; 13 | "/boot" = { device = "/dev/disk/by-uuid/REPLACE-BOOT-UUID"; fsType = "vfat"; }; 14 | }; 15 | 16 | swapDevices = [{ device = "/dev/disk/by-uuid/REPLACE-SWAP-UUID"; }]; 17 | 18 | nixpkgs.hostPlatform = "x86_64-linux"; 19 | hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; 20 | } 21 | -------------------------------------------------------------------------------- /hosts/test-gaming/configuration.nix: -------------------------------------------------------------------------------- 1 | # test-gaming Configuration - Preset-Based 2 | # Generated using: just new-host 
test-gaming gaming 3 | { ... }: 4 | 5 | { 6 | imports = [ 7 | ./hardware-configuration.nix 8 | ../common.nix 9 | ../../modules/presets 10 | ]; 11 | 12 | # System identification 13 | networking.hostName = "test-gaming"; 14 | 15 | # Use gaming preset 16 | modules.presets = { 17 | enable = true; 18 | preset = "gaming"; 19 | }; 20 | 21 | # Host-specific customizations (override preset defaults) 22 | # Example: 23 | # environment.systemPackages = with pkgs; [ custom-package ]; 24 | # services.myservice.enable = true; 25 | 26 | # Host-specific hardware configuration 27 | # Most hardware is auto-detected by the preset 28 | 29 | # Timezone (adjust for your location) 30 | time.timeZone = "Europe/London"; 31 | 32 | system.stateVersion = "25.05"; 33 | } 34 | -------------------------------------------------------------------------------- /hosts/test-server/configuration.nix: -------------------------------------------------------------------------------- 1 | # test-server Configuration - Preset-Based 2 | # Generated using: just new-host test-server server 3 | { ... 
}: 4 | 5 | { 6 | imports = [ 7 | ./hardware-configuration.nix 8 | ../common.nix 9 | ../../modules/presets 10 | ]; 11 | 12 | # System identification 13 | networking.hostName = "test-server"; 14 | 15 | # Use server preset 16 | modules.presets = { 17 | enable = true; 18 | preset = "server"; 19 | }; 20 | 21 | # Host-specific customizations (override preset defaults) 22 | # Example: 23 | # environment.systemPackages = with pkgs; [ custom-package ]; 24 | # services.myservice.enable = true; 25 | 26 | # Host-specific hardware configuration 27 | # Most hardware is auto-detected by the preset 28 | 29 | # Timezone (adjust for your location) 30 | time.timeZone = "Europe/London"; 31 | 32 | system.stateVersion = "25.05"; 33 | } 34 | -------------------------------------------------------------------------------- /templates/preset-host-config.nix: -------------------------------------------------------------------------------- 1 | # HOSTNAME Configuration - Preset-Based 2 | # Generated using: just new-host HOSTNAME PRESET 3 | { lib, ... 
}: 4 | 5 | { 6 | imports = [ 7 | ./hardware-configuration.nix 8 | ../common.nix 9 | ../../modules/presets 10 | ]; 11 | 12 | # System identification 13 | networking.hostName = "HOSTNAME"; 14 | 15 | # Use PRESET preset 16 | modules.presets = { 17 | enable = true; 18 | preset = "PRESET"; 19 | }; 20 | 21 | # Host-specific customizations (override preset defaults) 22 | # Example: 23 | # environment.systemPackages = with pkgs; [ custom-package ]; 24 | # services.myservice.enable = true; 25 | 26 | # Host-specific hardware configuration 27 | # Most hardware is auto-detected by the preset 28 | 29 | # Timezone (adjust for your location) 30 | time.timeZone = lib.mkDefault "Europe/London"; 31 | 32 | system.stateVersion = "25.05"; 33 | } 34 | -------------------------------------------------------------------------------- /hosts/test-vm/configuration.nix: -------------------------------------------------------------------------------- 1 | # test-vm Configuration - Preset-Based 2 | # Generated using: just new-host test-vm vm-guest 3 | { lib, ... 
}: 4 | 5 | { 6 | imports = [ 7 | ./hardware-configuration.nix 8 | ../common.nix 9 | ../../modules/presets 10 | ]; 11 | 12 | # System identification 13 | networking.hostName = "test-vm"; 14 | 15 | # Use vm-guest preset 16 | modules.presets = { 17 | enable = true; 18 | preset = "vm-guest"; 19 | }; 20 | 21 | # Host-specific customizations (override preset defaults) 22 | # Example: 23 | # environment.systemPackages = with pkgs; [ custom-package ]; 24 | # services.myservice.enable = true; 25 | 26 | # Host-specific hardware configuration 27 | # Most hardware is auto-detected by the preset 28 | 29 | # Timezone (adjust for your location) 30 | time.timeZone = lib.mkDefault "Europe/London"; 31 | 32 | system.stateVersion = "25.05"; 33 | } 34 | -------------------------------------------------------------------------------- /hosts/test-laptop/configuration.nix: -------------------------------------------------------------------------------- 1 | # test-laptop Configuration - Preset-Based 2 | # Generated using: just new-host test-laptop laptop 3 | { lib, ... 
}: 4 | 5 | { 6 | imports = [ 7 | ./hardware-configuration.nix 8 | ../common.nix 9 | ../../modules/presets 10 | ]; 11 | 12 | # System identification 13 | networking.hostName = "test-laptop"; 14 | 15 | # Use laptop preset 16 | modules.presets = { 17 | enable = true; 18 | preset = "laptop"; 19 | }; 20 | 21 | # Host-specific customizations (override preset defaults) 22 | # Example: 23 | # environment.systemPackages = with pkgs; [ custom-package ]; 24 | # services.myservice.enable = true; 25 | 26 | # Host-specific hardware configuration 27 | # Most hardware is auto-detected by the preset 28 | 29 | # Timezone (adjust for your location) 30 | time.timeZone = lib.mkDefault "Europe/London"; 31 | 32 | system.stateVersion = "25.05"; 33 | } 34 | -------------------------------------------------------------------------------- /hosts/test-workstation/configuration.nix: -------------------------------------------------------------------------------- 1 | # test-workstation Configuration - Preset-Based 2 | # Generated using: just new-host test-workstation workstation 3 | { ... 
}: 4 | 5 | { 6 | imports = [ 7 | ./hardware-configuration.nix 8 | ../common.nix 9 | ../../modules/presets 10 | ]; 11 | 12 | # System identification 13 | networking.hostName = "test-workstation"; 14 | 15 | # Use workstation preset 16 | modules.presets = { 17 | enable = true; 18 | preset = "workstation"; 19 | }; 20 | 21 | # Host-specific customizations (override preset defaults) 22 | # Example: 23 | # environment.systemPackages = with pkgs; [ custom-package ]; 24 | # services.myservice.enable = true; 25 | 26 | # Host-specific hardware configuration 27 | # Most hardware is auto-detected by the preset 28 | 29 | # Timezone (adjust for your location) 30 | time.timeZone = "Europe/London"; 31 | 32 | system.stateVersion = "25.05"; 33 | } 34 | -------------------------------------------------------------------------------- /hosts/example-desktop/home.nix: -------------------------------------------------------------------------------- 1 | { ... }: 2 | { 3 | # Use the role-based configuration system to eliminate duplication 4 | imports = [ 5 | ../../home/roles/developer.nix # Development environment with all tools 6 | ../../home/profiles/gnome.nix # GNOME desktop environment 7 | ]; 8 | 9 | # User-specific information (required) 10 | home = { 11 | username = "user"; 12 | homeDirectory = "/home/user"; 13 | stateVersion = "25.05"; 14 | }; 15 | 16 | # User-specific git configuration (required) 17 | programs.git = { 18 | userName = "Your Name"; 19 | userEmail = "your.email@example.com"; 20 | }; 21 | 22 | # Host-specific overrides (optional) 23 | programs.bash.shellAliases = { 24 | # Custom aliases for this specific host 25 | rebuild = "sudo nixos-rebuild switch --flake ~/nixos-config"; 26 | rebuild-test = "sudo nixos-rebuild test --flake ~/nixos-config"; 27 | update = "nix flake update ~/nixos-config"; 28 | }; 29 | } 30 | -------------------------------------------------------------------------------- /home/common/packages/essential.nix: 
-------------------------------------------------------------------------------- 1 | # Essential Packages 2 | # Core command-line tools that every user should have 3 | { pkgs, lib, ... }: 4 | 5 | { 6 | home.packages = with pkgs; lib.mkDefault [ 7 | # File and text processing 8 | file # File type identification 9 | tree # Directory tree visualization 10 | less # Pager 11 | which # Command location 12 | 13 | # Archive and compression 14 | unzip # ZIP extraction 15 | zip # ZIP creation 16 | gzip # GZIP compression 17 | tar # TAR archives 18 | 19 | # Network tools 20 | curl # HTTP client 21 | wget # File downloader 22 | 23 | # System monitoring 24 | htop # Process monitor 25 | iotop # I/O monitor 26 | 27 | # Text editors 28 | nano # Simple editor 29 | vim # Advanced editor 30 | 31 | # Development basics 32 | git # Version control 33 | 34 | # NixOS utilities 35 | nh # NixOS helper - better nixos-rebuild interface 36 | 37 | # Utilities 38 | jq # JSON processor 39 | yq-go # YAML/XML processor 40 | ]; 41 | } 42 | -------------------------------------------------------------------------------- /modules/desktop/graphics.nix: -------------------------------------------------------------------------------- 1 | { config, lib, pkgs, ... 
}: 2 | 3 | let 4 | cfg = config.modules.desktop.graphics; 5 | in 6 | { 7 | options.modules.desktop.graphics = { 8 | enable = lib.mkEnableOption "desktop graphics support"; 9 | }; 10 | 11 | config = lib.mkIf cfg.enable { 12 | # Hardware graphics support 13 | hardware.graphics = { 14 | enable = true; 15 | enable32Bit = true; # 32-bit support for compatibility 16 | 17 | # Common graphics packages 18 | extraPackages = with pkgs; [ 19 | mesa.drivers 20 | 21 | # Video acceleration 22 | libva 23 | libva-utils 24 | 25 | # Vulkan support 26 | vulkan-loader 27 | vulkan-validation-layers 28 | vulkan-tools 29 | ]; 30 | }; 31 | 32 | # Graphics utilities 33 | environment.systemPackages = with pkgs; [ 34 | # Graphics info tools 35 | glxinfo 36 | vulkan-tools 37 | libva-utils 38 | 39 | # Image viewers and editors 40 | gimp 41 | inkscape 42 | 43 | # Video tools 44 | vlc 45 | mpv 46 | ]; 47 | }; 48 | } 49 | -------------------------------------------------------------------------------- /hosts/installer-isos/desktop-installer.nix: -------------------------------------------------------------------------------- 1 | # Desktop installer ISO configuration 2 | { pkgs, ... 
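}:

{
  imports = [
    ../../modules/installer/desktop-installer.nix
  ];

  # Additional customizations for desktop installer ISO
  environment.systemPackages = with pkgs; [
    # Include template management tools
    just
    nixpkgs-fmt

    # Additional desktop tools
    firefox
    gnome-tweaks

    # Development
    vscode
    git
  ];

  # Include a copy of this template on the ISO.
  #
  # Whatever is copied here ends up in the Nix store (readable by every local
  # user) and on the installer image itself. A bare `source = ../..;` copies the
  # evaluated tree unfiltered, so the copy is filtered first:
  #   - `.git` is dropped (history is not needed for browsing the template);
  #   - files under secrets/keys/ are dropped, except the README and .gitignore
  #     that document the directory.
  # NOTE(review): secrets/keys/ presumably holds local key material; confirm
  # whether other paths in this repository also need excluding before
  # distributing an ISO built from a working tree.
  environment.etc."nixos-template" = {
    source = builtins.path {
      path = ../..; # Root of this repository (from hosts/installer-isos/)
      name = "nixos-template";
      filter = path: _type:
        let
          base = baseNameOf path;
          underKeys = pkgs.lib.hasInfix "/secrets/keys/" path;
        in
        base != ".git" && !(underKeys && base != "README.md" && base != ".gitignore");
    };
    mode = "0755";
  };

  # Desktop launcher for template browser
  environment.etc."xdg/applications/nixos-template.desktop" = {
    text = ''
      [Desktop Entry]
      Type=Application
      Name=NixOS Template Browser
      Comment=Browse available NixOS configurations
      Exec=nautilus /etc/nixos-template
      Icon=folder
      Categories=System;
    '';
  };
}
-------------------------------------------------------------------------------- /modules/core/boot.nix: -------------------------------------------------------------------------------- 1 | { lib, pkgs, ...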
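}:

{
  boot = {
    # Modern systemd boot loader (recommended for UEFI)
    loader = {
      systemd-boot = {
        enable = lib.mkDefault true; # Keep: users may want GRUB
        configurationLimit = 10;
        editor = false; # Security: disable boot editing
      };
      efi.canTouchEfiVariables = lib.mkDefault true; # Keep: depends on system
      timeout = lib.mkDefault 3; # Keep: users may want different timeout
    };

    # Kernel hardening sysctls.
    # These keys are sysctl names, not kernel command-line parameters: listed in
    # kernelParams without a `sysctl.` prefix they are not applied as sysctls,
    # so the hardening was silently absent. Set them through boot.kernel.sysctl.
    # NOTE(review): if another module in this repository already defines these
    # keys with different values, keep a single definition to avoid a conflict.
    kernel.sysctl = {
      "kernel.yama.ptrace_scope" = 1; # ptrace limited to a process's own descendants
      "kernel.kptr_restrict" = 2; # hide kernel pointers from all users
      "kernel.dmesg_restrict" = 1; # kernel log readable by privileged users only
    };

    # Kernel command-line parameters
    kernelParams = [
      "mitigations=auto"
    ];

    # Latest kernel (users may prefer LTS)
    kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;

    # Fast tmpfs for /tmp
    tmp.useTmpfs = lib.mkDefault true; # Keep: not everyone wants tmpfs
    tmp.tmpfsSize = "50%";

    # Plymouth disabled by default (keep mkDefault - some hosts may want boot splash)
    plymouth.enable = lib.mkDefault false;
  };
}
-------------------------------------------------------------------------------- /modules/presets/default.nix: -------------------------------------------------------------------------------- 1 | # Presets Module 2 | # High-level configuration presets that eliminate boilerplate 3 | { config, lib, ...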
}: 4 | 5 | let 6 | cfg = config.modules.presets; 7 | in 8 | 9 | { 10 | imports = [ 11 | ./workstation.nix 12 | ./laptop.nix 13 | ./server.nix 14 | ./vm.nix 15 | ./gaming.nix 16 | ]; 17 | 18 | options.modules.presets = { 19 | enable = lib.mkOption { 20 | type = lib.types.bool; 21 | default = false; 22 | description = "Enable preset configurations"; 23 | }; 24 | 25 | preset = lib.mkOption { 26 | type = lib.types.nullOr (lib.types.enum [ 27 | "workstation" 28 | "laptop" 29 | "server" 30 | "gaming" 31 | "vm-guest" 32 | "developer" 33 | ]); 34 | default = null; 35 | description = "The system preset to use"; 36 | }; 37 | 38 | }; 39 | 40 | config = lib.mkIf cfg.enable { 41 | # Preset configurations are handled by individual preset modules 42 | # based on the preset option 43 | 44 | assertions = [ 45 | { 46 | assertion = cfg.preset != null; 47 | message = "modules.presets.preset must be set when presets are enabled"; 48 | } 49 | ]; 50 | }; 51 | } 52 | -------------------------------------------------------------------------------- /hosts/test-vm/hardware-configuration.nix: -------------------------------------------------------------------------------- 1 | # test-vm Hardware Configuration 2 | # This file should be replaced with actual hardware detection output: 3 | # nixos-generate-config --root /mnt --show-hardware-config > hosts/test-vm/hardware-configuration.nix 4 | 5 | { config, lib, modulesPath, ... 
}: 6 | 7 | { 8 | imports = [ 9 | (modulesPath + "/installer/scan/not-detected.nix") 10 | ]; 11 | 12 | # Placeholder - replace with actual hardware configuration 13 | boot.initrd.availableKernelModules = [ "uhci_hcd" "ehci_pci" "ata_piix" "megaraid_sas" "usb_storage" "sd_mod" ]; 14 | boot.initrd.kernelModules = [ ]; 15 | boot.kernelModules = [ "kvm-intel" ]; 16 | boot.extraModulePackages = [ ]; 17 | 18 | fileSystems."/" = { 19 | device = "/dev/disk/by-uuid/REPLACE-WITH-ACTUAL-UUID"; 20 | fsType = "ext4"; 21 | }; 22 | 23 | fileSystems."/boot" = { 24 | device = "/dev/disk/by-uuid/REPLACE-WITH-ACTUAL-UUID"; 25 | fsType = "vfat"; 26 | options = [ "fmask=0022" "dmask=0022" ]; 27 | }; 28 | 29 | swapDevices = [ ]; 30 | 31 | networking.useDHCP = lib.mkDefault true; 32 | nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; 33 | hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; 34 | } 35 | -------------------------------------------------------------------------------- /templates/preset-hardware-config.nix: -------------------------------------------------------------------------------- 1 | # HOSTNAME Hardware Configuration 2 | # This file should be replaced with actual hardware detection output: 3 | # nixos-generate-config --root /mnt --show-hardware-config > hosts/HOSTNAME/hardware-configuration.nix 4 | 5 | { config, lib, modulesPath, ... 
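}:

{
  imports = [
    (modulesPath + "/installer/scan/not-detected.nix")
  ];

  # Placeholder - replace with actual hardware configuration
  boot.initrd.availableKernelModules = [ "uhci_hcd" "ehci_pci" "ata_piix" "megaraid_sas" "usb_storage" "sd_mod" ];
  boot.initrd.kernelModules = [ ];
  boot.kernelModules = [ "kvm-intel" ];
  boot.extraModulePackages = [ ];

  fileSystems."/" = {
    device = "/dev/disk/by-uuid/REPLACE-WITH-ACTUAL-UUID";
    fsType = "ext4";
  };

  # vfat has no per-file permissions, so the mount masks decide who can read
  # the EFI system partition. 0077 keeps it root-only; with 0022 every local
  # user could read its contents, including the boot loader's random seed
  # (bootctl warns about a world-accessible /boot).
  fileSystems."/boot" = {
    device = "/dev/disk/by-uuid/REPLACE-WITH-ACTUAL-UUID";
    fsType = "vfat";
    options = [ "fmask=0077" "dmask=0077" ];
  };

  swapDevices = [ ];

  networking.useDHCP = lib.mkDefault true;
  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}
-------------------------------------------------------------------------------- /hosts/test-gaming/hardware-configuration.nix: -------------------------------------------------------------------------------- 1 | # test-gaming Hardware Configuration 2 | # This file should be replaced with actual hardware detection output: 3 | # nixos-generate-config --root /mnt --show-hardware-config > hosts/test-gaming/hardware-configuration.nix 4 | 5 | { config, lib, modulesPath, ...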
}: 6 | 7 | { 8 | imports = [ 9 | (modulesPath + "/installer/scan/not-detected.nix") 10 | ]; 11 | 12 | # Placeholder - replace with actual hardware configuration 13 | boot.initrd.availableKernelModules = [ "uhci_hcd" "ehci_pci" "ata_piix" "megaraid_sas" "usb_storage" "sd_mod" ]; 14 | boot.initrd.kernelModules = [ ]; 15 | boot.kernelModules = [ "kvm-intel" ]; 16 | boot.extraModulePackages = [ ]; 17 | 18 | fileSystems."/" = { 19 | device = "/dev/disk/by-uuid/REPLACE-WITH-ACTUAL-UUID"; 20 | fsType = "ext4"; 21 | }; 22 | 23 | fileSystems."/boot" = { 24 | device = "/dev/disk/by-uuid/REPLACE-WITH-ACTUAL-UUID"; 25 | fsType = "vfat"; 26 | options = [ "fmask=0022" "dmask=0022" ]; 27 | }; 28 | 29 | swapDevices = [ ]; 30 | 31 | networking.useDHCP = lib.mkDefault true; 32 | nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; 33 | hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; 34 | } 35 | -------------------------------------------------------------------------------- /hosts/test-laptop/hardware-configuration.nix: -------------------------------------------------------------------------------- 1 | # test-laptop Hardware Configuration 2 | # This file should be replaced with actual hardware detection output: 3 | # nixos-generate-config --root /mnt --show-hardware-config > hosts/test-laptop/hardware-configuration.nix 4 | 5 | { config, lib, modulesPath, ... 
}: 6 | 7 | { 8 | imports = [ 9 | (modulesPath + "/installer/scan/not-detected.nix") 10 | ]; 11 | 12 | # Placeholder - replace with actual hardware configuration 13 | boot.initrd.availableKernelModules = [ "uhci_hcd" "ehci_pci" "ata_piix" "megaraid_sas" "usb_storage" "sd_mod" ]; 14 | boot.initrd.kernelModules = [ ]; 15 | boot.kernelModules = [ "kvm-intel" ]; 16 | boot.extraModulePackages = [ ]; 17 | 18 | fileSystems."/" = { 19 | device = "/dev/disk/by-uuid/REPLACE-WITH-ACTUAL-UUID"; 20 | fsType = "ext4"; 21 | }; 22 | 23 | fileSystems."/boot" = { 24 | device = "/dev/disk/by-uuid/REPLACE-WITH-ACTUAL-UUID"; 25 | fsType = "vfat"; 26 | options = [ "fmask=0022" "dmask=0022" ]; 27 | }; 28 | 29 | swapDevices = [ ]; 30 | 31 | networking.useDHCP = lib.mkDefault true; 32 | nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; 33 | hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; 34 | } 35 | -------------------------------------------------------------------------------- /hosts/test-server/hardware-configuration.nix: -------------------------------------------------------------------------------- 1 | # test-server Hardware Configuration 2 | # This file should be replaced with actual hardware detection output: 3 | # nixos-generate-config --root /mnt --show-hardware-config > hosts/test-server/hardware-configuration.nix 4 | 5 | { config, lib, modulesPath, ... 
}: 6 | 7 | { 8 | imports = [ 9 | (modulesPath + "/installer/scan/not-detected.nix") 10 | ]; 11 | 12 | # Placeholder - replace with actual hardware configuration 13 | boot = { 14 | initrd.availableKernelModules = [ "uhci_hcd" "ehci_pci" "ata_piix" "megaraid_sas" "usb_storage" "sd_mod" ]; 15 | initrd.kernelModules = [ ]; 16 | kernelModules = [ "kvm-intel" ]; 17 | extraModulePackages = [ ]; 18 | }; 19 | 20 | fileSystems."/" = { 21 | device = "/dev/disk/by-uuid/REPLACE-WITH-ACTUAL-UUID"; 22 | fsType = "ext4"; 23 | }; 24 | 25 | fileSystems."/boot" = { 26 | device = "/dev/disk/by-uuid/REPLACE-WITH-ACTUAL-UUID"; 27 | fsType = "vfat"; 28 | options = [ "fmask=0022" "dmask=0022" ]; 29 | }; 30 | 31 | swapDevices = [ ]; 32 | 33 | networking.useDHCP = lib.mkDefault true; 34 | nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; 35 | hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; 36 | } 37 | -------------------------------------------------------------------------------- /hosts/test-workstation/hardware-configuration.nix: -------------------------------------------------------------------------------- 1 | # test-workstation Hardware Configuration 2 | # This file should be replaced with actual hardware detection output: 3 | # nixos-generate-config --root /mnt --show-hardware-config > hosts/test-workstation/hardware-configuration.nix 4 | 5 | { config, lib, modulesPath, ... 
}: 6 | 7 | { 8 | imports = [ 9 | (modulesPath + "/installer/scan/not-detected.nix") 10 | ]; 11 | 12 | # Placeholder - replace with actual hardware configuration 13 | boot = { 14 | initrd.availableKernelModules = [ "uhci_hcd" "ehci_pci" "ata_piix" "megaraid_sas" "usb_storage" "sd_mod" ]; 15 | initrd.kernelModules = [ ]; 16 | kernelModules = [ "kvm-intel" ]; 17 | extraModulePackages = [ ]; 18 | }; 19 | 20 | fileSystems."/" = { 21 | device = "/dev/disk/by-uuid/REPLACE-WITH-ACTUAL-UUID"; 22 | fsType = "ext4"; 23 | }; 24 | 25 | fileSystems."/boot" = { 26 | device = "/dev/disk/by-uuid/REPLACE-WITH-ACTUAL-UUID"; 27 | fsType = "vfat"; 28 | options = [ "fmask=0022" "dmask=0022" ]; 29 | }; 30 | 31 | swapDevices = [ ]; 32 | 33 | networking.useDHCP = lib.mkDefault true; 34 | nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; 35 | hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; 36 | } 37 | -------------------------------------------------------------------------------- /modules/desktop/gnome.nix: -------------------------------------------------------------------------------- 1 | { config, lib, pkgs, ... 
}: 2 | 3 | let 4 | cfg = config.modules.desktop.gnome; 5 | in 6 | { 7 | options.modules.desktop.gnome = { 8 | enable = lib.mkEnableOption "GNOME desktop environment"; 9 | }; 10 | 11 | config = lib.mkIf cfg.enable { 12 | # Enable X11 13 | services.xserver = { 14 | enable = true; 15 | }; 16 | 17 | # Display manager (updated path) 18 | services.displayManager.gdm = { 19 | enable = true; 20 | wayland = true; # Use Wayland by default 21 | }; 22 | 23 | # Desktop environment (updated path) 24 | services.desktopManager.gnome.enable = true; 25 | 26 | # GNOME services 27 | services.gnome = { 28 | gnome-keyring.enable = true; 29 | gnome-online-accounts.enable = true; 30 | }; 31 | 32 | # Remove unwanted GNOME applications 33 | environment.gnome.excludePackages = with pkgs; [ 34 | gnome-tour 35 | epiphany # Web browser 36 | geary # Email 37 | totem # Video player 38 | ]; 39 | 40 | # Essential GNOME applications 41 | environment.systemPackages = with pkgs; [ 42 | gnome-tweaks 43 | gnome-extension-manager 44 | dconf-editor 45 | ]; 46 | 47 | # Enable thumbnails 48 | services.tumbler.enable = true; 49 | }; 50 | } 51 | -------------------------------------------------------------------------------- /home/common/packages/development.nix: -------------------------------------------------------------------------------- 1 | # Development Packages 2 | # Tools for software development and programming 3 | { pkgs, lib, ... 
}: 4 | 5 | { 6 | home.packages = with pkgs; lib.mkDefault [ 7 | # Version Control 8 | git-lfs # Git Large File Storage 9 | gh # GitHub CLI 10 | 11 | # Build Tools 12 | gnumake # Make build system 13 | cmake # Cross-platform build system 14 | 15 | # Language Support 16 | nodejs_22 # Node.js runtime 17 | python3 # Python interpreter 18 | 19 | # Development Utilities 20 | docker-compose # Container orchestration 21 | 22 | # Code Quality 23 | shellcheck # Shell script linter 24 | 25 | # Documentation 26 | pandoc # Document converter 27 | 28 | # Database Tools 29 | sqlite # SQLite database 30 | 31 | # Network Development 32 | httpie # Human-friendly HTTP client 33 | 34 | # Container Tools (if not using system docker) 35 | dive # Docker image explorer 36 | 37 | # Performance Analysis 38 | hyperfine # Benchmarking tool 39 | 40 | # Text Processing for Development 41 | ripgrep # Fast text search 42 | fd # Fast file finder 43 | bat # Better cat with syntax highlighting 44 | 45 | # JSON/YAML tools 46 | fx # JSON viewer 47 | # yq-go is provided by essential.nix 48 | ]; 49 | } 50 | -------------------------------------------------------------------------------- /modules/core/security.nix: -------------------------------------------------------------------------------- 1 | { config, lib, ... 
}:

{
  # Security configuration
  # Baseline applied to every host: privilege escalation, MAC, auditing,
  # firewall, and SSH defaults. Values wrapped in lib.mkDefault can be
  # overridden per host without lib.mkForce; the others are fixed here.
  security = {
    # Enable sudo with wheel group
    sudo = {
      enable = true;
      wheelNeedsPassword = lib.mkDefault true;
    };

    # Polkit configuration
    polkit.enable = true;

    # AppArmor support
    apparmor.enable = true;

    # Keep user namespaces available.
    # This option does not restrict ptrace; ptrace scope is governed by the
    # kernel.yama.ptrace_scope sysctl, which is not set in this file.
    allowUserNamespaces = true;

    # Audit framework
    audit.enable = true;
    auditd.enable = true;
  };

  # Firewall configuration
  networking.firewall = {
    enable = true;
    allowPing = lib.mkDefault true; # Allow templates to override this setting
  };

  # SSH configuration
  # The daemon is off unless a host enables it; when it is enabled, password
  # logins, root logins and X11 forwarding stay off by default.
  services.openssh = {
    enable = lib.mkDefault false; # Disabled by default, enable per host
    settings = {
      PasswordAuthentication = lib.mkDefault false;
      PermitRootLogin = lib.mkDefault "no";
      X11Forwarding = lib.mkDefault false;
    };
  };

  # Fail2ban for SSH protection when enabled (requires firewall)
  # Follows the two options it depends on, so it turns on only on hosts that
  # run sshd behind the firewall. Because `enable` is set without mkDefault,
  # a host that wants a different value needs lib.mkForce.
  services.fail2ban = {
    enable = config.services.openssh.enable && config.networking.firewall.enable;
    maxretry = 3; # failures allowed before a ban
    bantime = "10m"; # length of each ban
  };
}
-------------------------------------------------------------------------------- /hosts/common.nix: -------------------------------------------------------------------------------- 1 | { lib, inputs, outputs, ...
}: 2 | 3 | { 4 | imports = [ 5 | # Core modules 6 | ../modules/core 7 | ../modules/hardware 8 | ../modules/services 9 | 10 | # Core system packages (essential tools for all hosts) 11 | ../modules/packages/core-system.nix 12 | 13 | # Home Manager integration 14 | inputs.home-manager.nixosModules.home-manager 15 | ]; 16 | 17 | # Enable advanced NixOS features 18 | modules = { 19 | core.nixOptimization.enable = lib.mkDefault true; 20 | hardware.detection.enable = lib.mkDefault true; 21 | services.monitoring.enable = lib.mkDefault false; # Enable per-host as needed 22 | }; 23 | 24 | # Home Manager configuration 25 | home-manager = { 26 | useGlobalPkgs = true; 27 | useUserPackages = true; 28 | 29 | # Pass inputs to Home Manager 30 | extraSpecialArgs = { 31 | inherit inputs outputs; 32 | }; 33 | }; 34 | 35 | # Enable flakes system-wide 36 | nix.settings.experimental-features = [ "nix-command" "flakes" ]; 37 | 38 | # Core packages are now provided by ../modules/packages/core-system.nix 39 | 40 | # Enable documentation 41 | documentation = { 42 | enable = true; 43 | man.enable = true; 44 | info.enable = true; 45 | }; 46 | 47 | # System version 48 | system.stateVersion = lib.mkDefault "25.05"; 49 | } 50 | -------------------------------------------------------------------------------- /hosts/desktop-template/home-minimal.nix: -------------------------------------------------------------------------------- 1 | # Minimal Desktop Home Manager Configuration 2 | # Clean alternative using shared package sets 3 | 4 | { pkgs, lib, ... 
}:

{
  # Import base user configuration and package sets
  imports = [
    ../../home/users/user.nix
    ../../home/packages/development.nix
    ../../home/packages/desktop-productivity.nix
    ../../home/packages/gaming.nix
  ];

  # Override user information
  home = {
    username = "user";
    homeDirectory = lib.mkForce "/home/user";
    stateVersion = "25.05";

    # Add only host-specific packages here
    packages = with pkgs; [
      # Host-specific additions
      gparted
    ];

    # Session variables
    sessionVariables = {
      EDITOR = "code";
      BROWSER = "firefox";
      TERMINAL = "gnome-terminal";
      NODE_OPTIONS = "--max-old-space-size=8192";
      NIXOS_OZONE_WL = "1"; # Enable Wayland for Electron apps
    };
  };

  # Override Git configuration for desktop use
  programs.git = {
    userName = lib.mkForce "Desktop User";
    userEmail = lib.mkForce "user@example.com";
    extraConfig = {
      # NOTE(review): the "store" helper keeps credentials unencrypted on disk
      # (by default in ~/.git-credentials), protected only by file permissions.
      # On shared or unencrypted machines prefer a keyring-backed helper or
      # git's in-memory "cache" helper, and use scoped, revocable tokens.
      credential.helper = "store";
      rerere.enabled = true;
    };
  };
}
-------------------------------------------------------------------------------- /lib/mkHost.nix: -------------------------------------------------------------------------------- 1 | { lib }: 2 | 3 | { hostname 4 | , system ? "x86_64-linux" 5 | , nixpkgs 6 | , inputs 7 | , modules ? [ ] 8 | , overlays ? [ ] 9 | , users ? [ ] 10 | }: 11 | 12 | lib.nixosSystem { 13 | inherit system; 14 | 15 | specialArgs = { 16 | inherit inputs hostname; 17 | outputs = inputs.self.outputs; 18 | }; 19 | 20 | modules = [ 21 | # Base system configuration 22 | ({ config, pkgs, ...
}: { 23 | networking.hostName = hostname; 24 | nixpkgs = { 25 | config.allowUnfree = true; 26 | overlays = overlays ++ [ inputs.self.overlays.default ]; 27 | }; 28 | 29 | # Nix configuration 30 | nix = { 31 | settings = { 32 | experimental-features = [ "nix-command" "flakes" ]; 33 | auto-optimise-store = true; 34 | }; 35 | 36 | # Automatic garbage collection 37 | gc = { 38 | automatic = true; 39 | dates = "weekly"; 40 | options = "--delete-older-than 7d"; 41 | }; 42 | }; 43 | 44 | # System packages available to all configurations 45 | environment.systemPackages = with pkgs; [ 46 | git 47 | vim 48 | curl 49 | wget 50 | htop 51 | tree 52 | ]; 53 | }) 54 | 55 | # Common configuration 56 | ../hosts/common.nix 57 | 58 | ] ++ modules; 59 | } 60 | -------------------------------------------------------------------------------- /home/common/packages/desktop.nix: -------------------------------------------------------------------------------- 1 | # Desktop Packages 2 | # GUI applications for desktop environments 3 | { pkgs, lib, ... 
}: 4 | 5 | { 6 | home.packages = with pkgs; lib.mkDefault [ 7 | # Web Browsers 8 | firefox # Open-source browser 9 | 10 | # Office and Productivity 11 | libreoffice # Office suite 12 | evince # PDF viewer 13 | 14 | # File Management 15 | nautilus # GNOME file manager (works in other DEs) 16 | 17 | # Media Players 18 | vlc # Video player 19 | 20 | # Graphics and Design 21 | gimp # Image editor 22 | inkscape # Vector graphics 23 | 24 | # Text Editors 25 | gedit # Simple GUI text editor 26 | 27 | # System Tools 28 | gnome-system-monitor # System monitor GUI 29 | 30 | # Archive Management 31 | file-roller # Archive manager 32 | 33 | # Communication 34 | # (Uncomment as needed) 35 | # thunderbird # Email client 36 | # discord # Chat application 37 | # slack # Team communication 38 | 39 | # Development (GUI) 40 | # (Uncomment as needed) 41 | # vscode # Code editor 42 | # gitg # Git GUI 43 | ]; 44 | 45 | # Desktop-specific program configurations 46 | programs = { 47 | # Note: File managers like thunar are typically configured at system level 48 | # Add user-level desktop programs here 49 | }; 50 | } 51 | -------------------------------------------------------------------------------- /docker/Dockerfile: -------------------------------------------------------------------------------- 1 | # NixOS VM Builder Docker Image 2 | # Enables Windows users to build NixOS VMs without installing Nix locally 3 | FROM nixos/nix:latest 4 | 5 | # Set environment variables 6 | ENV NIX_CONF_DIR=/root/.config/nix 7 | 8 | # Enable experimental features for flakes support 9 | RUN mkdir -p $NIX_CONF_DIR && \ 10 | echo "experimental-features = nix-command flakes" > $NIX_CONF_DIR/nix.conf && \ 11 | echo "substituters = https://cache.nixos.org https://nix-community.cachix.org" >> $NIX_CONF_DIR/nix.conf && \ 12 | echo "trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" >> 
$NIX_CONF_DIR/nix.conf

# Install nixos-generators and required tools using latest version
# NOTE(review): nothing in this image is pinned. The base image uses the
# `latest` tag, `github:nix-community/nixos-generators` resolves to whatever
# the default branch holds at build time, and `nixpkgs#...` follows the flake
# registry. Two builds of this Dockerfile can therefore ship different tools.
# For reproducible, reviewable images pin the base image by digest and the
# flake references by revision, e.g.
#   github:nix-community/nixos-generators/<COMMIT_SHA>   (placeholder)
RUN nix profile install github:nix-community/nixos-generators && \
    nix profile install nixpkgs#jq --priority 4 && \
    nix profile install nixpkgs#git --priority 4 && \
    nix profile install nixpkgs#curl --priority 4

# Create directories
RUN mkdir -p /scripts /workspace /templates /output

# Copy build scripts
# Every *.sh file copied from scripts/ is made executable inside the image.
COPY scripts/ /scripts/
RUN chmod +x /scripts/*.sh

# Copy default templates
COPY templates/ /templates/

# Set working directory
WORKDIR /workspace

# Default entrypoint
# No USER instruction appears in this file, so the entrypoint runs as the
# image's default user. NOTE(review): NIX_CONF_DIR points under /root, which
# suggests root; confirm, and mount only the directories the build needs.
ENTRYPOINT ["/scripts/build-vm.sh"]
CMD ["--help"]
-------------------------------------------------------------------------------- /home/examples/developer-desktop.nix: -------------------------------------------------------------------------------- 1 | # Example: Developer Desktop Home Configuration 2 | # This shows how host-specific home.nix files should look with the new structure 3 | { ...
}:

{
  # Import role and profile
  imports = [
    ../roles/developer.nix # Development tools and environment
    ../profiles/gnome.nix # GNOME desktop environment
  ];

  # User-specific information (the only thing that should vary per host)
  home = {
    username = "developer";
    homeDirectory = "/home/developer";
  };

  # User-specific git configuration
  programs.git = {
    userName = "Jane Developer";
    userEmail = "jane.developer@company.com";

    # Add any host-specific git settings
    extraConfig = {
      # Use different signing key per host
      # "ABC123DEF456" is an example value. Because commit.gpgsign is true,
      # every commit is signed, so replace it with the ID of a key that exists
      # in this user's keyring. Only the key ID belongs in this file; the
      # private key itself stays out of the repository.
      user.signingkey = "ABC123DEF456";
      commit.gpgsign = true;
    };
  };

  # Host-specific overrides (minimal - most config comes from role/profile)
  programs.zsh = {
    shellAliases = {
      # Company-specific shortcuts
      work = "cd ~/Work";
      # NOTE(review): this starts openvpn as root with a profile read from the
      # user's home directory. Directives in that profile are interpreted by
      # the root process, so keep the file owned by and writable only for its
      # owner, or move it to a root-owned location.
      company-vpn = "sudo openvpn ~/Work/company.ovpn";
    };
  };

  # Host-specific XDG directories
  xdg.userDirs = {
    extraConfig = {
      XDG_WORK_DIR = "$HOME/Work";
      XDG_COMPANY_DIR = "$HOME/Work/Company";
    };
  };
}
-------------------------------------------------------------------------------- /hosts/server-template/hardware-configuration.nix: -------------------------------------------------------------------------------- 1 | # Server Template Hardware Configuration 2 | # This is a placeholder - replace with your actual hardware configuration 3 | # Generate with: sudo nixos-generate-config 4 | 5 | { config, lib, ...
}: 6 | 7 | { 8 | imports = [ ]; 9 | 10 | # This is a template file - you MUST replace these with your actual hardware details 11 | # Generate the real configuration with: sudo nixos-generate-config 12 | 13 | boot = { 14 | initrd = { 15 | availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sr_mod" "virtio_blk" ]; 16 | kernelModules = [ ]; 17 | }; 18 | kernelModules = [ "kvm-intel" ]; # Change to "kvm-amd" for AMD 19 | extraModulePackages = [ ]; 20 | }; 21 | 22 | # PLACEHOLDER - Replace these UUIDs with your actual device UUIDs 23 | fileSystems."/" = { 24 | device = "/dev/disk/by-uuid/REPLACE-WITH-YOUR-ROOT-UUID"; 25 | fsType = "ext4"; 26 | }; 27 | 28 | fileSystems."/boot" = { 29 | device = "/dev/disk/by-uuid/REPLACE-WITH-YOUR-BOOT-UUID"; 30 | fsType = "vfat"; 31 | }; 32 | 33 | # No swap for servers typically, but add if needed 34 | swapDevices = [ ]; 35 | 36 | # Enables DHCP on each ethernet interface 37 | networking.useDHCP = lib.mkDefault true; 38 | 39 | nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; 40 | hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; 41 | } 42 | -------------------------------------------------------------------------------- /home/roles/minimal.nix: -------------------------------------------------------------------------------- 1 | # Minimal Role Configuration 2 | # Bare minimum setup for resource-constrained environments 3 | { ... }: 4 | 5 | { 6 | imports = [ 7 | ../common/base.nix 8 | ../common/git.nix 9 | ../common/packages/essential.nix 10 | ]; 11 | 12 | # Override base defaults for minimal footprint 13 | programs = { 14 | # Disable resource-heavy programs from base 15 | eza.enable = false; 16 | fd.enable = false; 17 | ripgrep.enable = false; 18 | tree.enable = false; 19 | 20 | # Keep only essential bash configuration 21 | bash = { 22 | enable = true; 23 | shellAliases = { 24 | ll = "ls -l"; 25 | la = "ls -la"; 26 | ".." 
= "cd .."; 27 | }; 28 | 29 | # Minimal history settings 30 | historySize = 1000; 31 | historyFileSize = 2000; 32 | }; 33 | 34 | # Minimal git configuration 35 | git = { 36 | extraConfig = { 37 | # Disable resource-intensive features 38 | delta.enable = false; 39 | core = { 40 | editor = "nano"; 41 | pager = "less"; 42 | }; 43 | }; 44 | }; 45 | }; 46 | 47 | # Minimal XDG setup 48 | xdg = { 49 | enable = true; 50 | userDirs.enable = false; # Don't create extra directories 51 | }; 52 | 53 | # Override essential packages with minimal set 54 | home.packages = [ ]; # Will be overridden by essential.nix, but can be further reduced per host 55 | } 56 | -------------------------------------------------------------------------------- /hosts/example-desktop/hardware-configuration.nix: -------------------------------------------------------------------------------- 1 | # Hardware configuration for example-desktop 2 | # This file is typically generated by nixos-generate-config 3 | # Replace this with your actual hardware configuration 4 | 5 | { config, lib, modulesPath, ... 
}: 6 | 7 | { 8 | imports = [ 9 | (modulesPath + "/installer/scan/not-detected.nix") 10 | ]; 11 | 12 | # Example hardware configuration - REPLACE WITH YOUR ACTUAL CONFIG 13 | boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "sd_mod" ]; 14 | boot.initrd.kernelModules = [ ]; 15 | boot.kernelModules = [ "kvm-intel" ]; # or "kvm-amd" for AMD 16 | boot.extraModulePackages = [ ]; 17 | 18 | # Filesystem configuration - EXAMPLE ONLY 19 | fileSystems."/" = 20 | { 21 | device = "/dev/disk/by-uuid/YOUR-ROOT-UUID"; 22 | fsType = "ext4"; 23 | }; 24 | 25 | fileSystems."/boot" = 26 | { 27 | device = "/dev/disk/by-uuid/YOUR-BOOT-UUID"; 28 | fsType = "vfat"; 29 | }; 30 | 31 | # Swap configuration - EXAMPLE ONLY 32 | swapDevices = [ 33 | { device = "/dev/disk/by-uuid/YOUR-SWAP-UUID"; } 34 | ]; 35 | 36 | # Network hardware 37 | networking.useDHCP = lib.mkDefault true; 38 | # networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true; 39 | 40 | nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; 41 | 42 | # Hardware specific options 43 | hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; 44 | } 45 | -------------------------------------------------------------------------------- /vm-test-config/hardware-configuration.nix: -------------------------------------------------------------------------------- 1 | # Hardware configuration for example-desktop 2 | # This file is typically generated by nixos-generate-config 3 | # Replace this with your actual hardware configuration 4 | 5 | { config, lib, modulesPath, ... 
}: 6 | 7 | { 8 | imports = [ 9 | (modulesPath + "/installer/scan/not-detected.nix") 10 | ]; 11 | 12 | # Example hardware configuration - REPLACE WITH YOUR ACTUAL CONFIG 13 | boot = { 14 | initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "sd_mod" ]; 15 | initrd.kernelModules = [ ]; 16 | kernelModules = [ "kvm-intel" ]; # or "kvm-amd" for AMD 17 | extraModulePackages = [ ]; 18 | }; 19 | 20 | # Filesystem configuration - EXAMPLE ONLY 21 | fileSystems."/" = 22 | { 23 | device = "/dev/disk/by-uuid/YOUR-ROOT-UUID"; 24 | fsType = "ext4"; 25 | }; 26 | 27 | fileSystems."/boot" = 28 | { 29 | device = "/dev/disk/by-uuid/YOUR-BOOT-UUID"; 30 | fsType = "vfat"; 31 | }; 32 | 33 | # Swap configuration - EXAMPLE ONLY 34 | swapDevices = [ 35 | { device = "/dev/disk/by-uuid/YOUR-SWAP-UUID"; } 36 | ]; 37 | 38 | # Network hardware 39 | networking.useDHCP = lib.mkDefault true; 40 | # networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true; 41 | 42 | nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; 43 | 44 | # Hardware specific options 45 | hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; 46 | } 47 | -------------------------------------------------------------------------------- /home/examples/server-admin.nix: -------------------------------------------------------------------------------- 1 | # Example: Server Administrator Home Configuration 2 | # This shows a clean server admin setup 3 | { ... 
}: 4 | 5 | { 6 | # Import role and profile 7 | imports = [ 8 | ../roles/server-admin.nix # Server administration tools 9 | ../profiles/headless.nix # No GUI configuration 10 | ]; 11 | 12 | # User-specific information 13 | home = { 14 | username = "admin"; 15 | homeDirectory = "/home/admin"; 16 | }; 17 | 18 | # User-specific git configuration 19 | programs.git = { 20 | userName = "System Administrator"; 21 | userEmail = "admin@example.com"; 22 | }; 23 | 24 | # Server-specific aliases 25 | programs.bash = { 26 | shellAliases = { 27 | # Server-specific shortcuts. backup-db: the redirect is done by the calling shell, so the plaintext dump lands in ~/backups with this user's ownership and umask - keep that directory private (e.g. mode 0700) 28 | webapp-logs = "tail -f /var/log/webapp/error.log"; 29 | backup-db = "sudo -u postgres pg_dump myapp > ~/backups/myapp-$(date +%Y%m%d).sql"; 30 | check-services = "systemctl status nginx postgresql redis"; 31 | 32 | # Monitoring shortcuts 33 | load = "uptime"; 34 | disk = "df -h | grep -E '^/dev/'"; 35 | mem = "free -h"; 36 | 37 | # Network shortcuts 38 | firewall = "sudo iptables -L"; 39 | connections = "ss -tuln"; 40 | }; 41 | }; 42 | 43 | # Server-specific directories 44 | xdg.userDirs = { 45 | extraConfig = { 46 | XDG_BACKUPS_DIR = "$HOME/backups"; 47 | XDG_SCRIPTS_DIR = "$HOME/scripts"; 48 | XDG_CONFIGS_DIR = "$HOME/configs"; 49 | }; 50 | }; 51 | } 52 | -------------------------------------------------------------------------------- /home/examples/gamer-kde.nix: -------------------------------------------------------------------------------- 1 | # Example: Gamer KDE Home Configuration 2 | # This shows a gaming setup with KDE 3 | { ...
}: 4 | 5 | { 6 | # Import role and profile 7 | imports = [ 8 | ../roles/gamer.nix # Gaming tools and environment 9 | ../profiles/kde.nix # KDE desktop environment 10 | ]; 11 | 12 | # User-specific information 13 | home = { 14 | username = "gamer"; 15 | homeDirectory = "/home/gamer"; 16 | }; 17 | 18 | # User-specific git configuration 19 | programs.git = { 20 | userName = "Epic Gamer"; 21 | userEmail = "gamer@gaming.com"; 22 | }; 23 | 24 | # Gaming-specific overrides 25 | programs.zsh = { 26 | shellAliases = { 27 | # Game-specific shortcuts 28 | wow = "lutris lutris:rungameid/1"; 29 | steam-proton = "PROTON_USE_WINED3D=1 steam"; 30 | 31 | # Streaming shortcuts 32 | stream-setup = "obs-studio & discord &"; 33 | 34 | # Performance shortcuts 35 | gaming-mode = "sudo cpupower frequency-set -g performance"; 36 | power-save = "sudo cpupower frequency-set -g powersave"; 37 | }; 38 | }; 39 | 40 | # Gaming-specific MangoHud overrides 41 | programs.mangohud.settings = { 42 | # Customize for this specific gaming setup 43 | position = "top-right"; # Different position than default 44 | fps_limit = 144; # Match monitor refresh rate 45 | 46 | # Add custom metrics for this gaming rig 47 | gpu_core_clock = true; 48 | gpu_mem_clock = true; 49 | gpu_power = true; 50 | }; 51 | } 52 | -------------------------------------------------------------------------------- /modules/desktop/audio.nix: -------------------------------------------------------------------------------- 1 | { config, lib, pkgs, ... 
}: 2 | 3 | let 4 | cfg = config.modules.desktop.audio; 5 | in 6 | { 7 | options.modules.desktop.audio = { 8 | enable = lib.mkEnableOption "audio support"; 9 | pipewire = lib.mkEnableOption "PipeWire audio server" // { default = true; }; 10 | lowLatency = lib.mkEnableOption "low latency audio configuration"; 11 | }; 12 | 13 | config = lib.mkIf cfg.enable { 14 | # PipeWire configuration (modern replacement for PulseAudio) 15 | # Note: rtkit is auto-enabled by PipeWire 16 | 17 | services.pipewire = lib.mkIf cfg.pipewire { 18 | enable = true; 19 | audio.enable = true; 20 | pulse.enable = true; # PulseAudio compatibility 21 | jack.enable = true; # JACK compatibility 22 | 23 | # Low latency configuration 24 | extraConfig.pipewire = lib.mkIf cfg.lowLatency { 25 | "92-low-latency" = { 26 | "context.properties" = { 27 | "default.clock.rate" = 48000; 28 | "default.clock.quantum" = 32; 29 | "default.clock.min-quantum" = 32; 30 | "default.clock.max-quantum" = 32; 31 | }; 32 | }; 33 | }; 34 | }; 35 | 36 | # ALSA support (sound.enable is deprecated) 37 | # sound.enable = false; # Disabled when using PipeWire 38 | 39 | # Additional audio packages 40 | environment.systemPackages = with pkgs; [ 41 | pavucontrol # PulseAudio volume control 42 | playerctl # Media player control 43 | pulseaudio # For pactl command 44 | ]; 45 | }; 46 | } 47 | -------------------------------------------------------------------------------- /modules/desktop/fonts.nix: -------------------------------------------------------------------------------- 1 | { config, lib, pkgs, ... 
}: 2 | 3 | let 4 | cfg = config.modules.desktop.fonts; 5 | in 6 | { 7 | options.modules.desktop.fonts = { 8 | enable = lib.mkEnableOption "font configuration"; 9 | }; 10 | 11 | config = lib.mkIf cfg.enable { 12 | fonts = { 13 | # Enable font configuration 14 | fontconfig = { 15 | enable = true; 16 | 17 | # Better font rendering 18 | subpixel.rgba = "rgb"; 19 | hinting.enable = true; 20 | hinting.style = "slight"; 21 | antialias = true; 22 | 23 | # Default fonts 24 | defaultFonts = { 25 | serif = [ "Noto Serif" "Liberation Serif" ]; 26 | sansSerif = [ "Noto Sans" "Liberation Sans" ]; 27 | monospace = [ "JetBrains Mono" "Liberation Mono" ]; 28 | emoji = [ "Noto Color Emoji" ]; 29 | }; 30 | }; 31 | 32 | # Font packages 33 | packages = with pkgs; [ 34 | # System fonts 35 | noto-fonts 36 | noto-fonts-cjk-sans 37 | noto-fonts-emoji 38 | liberation_ttf 39 | 40 | # Programming fonts 41 | jetbrains-mono 42 | fira-code 43 | source-code-pro 44 | 45 | # Popular fonts 46 | roboto 47 | open-sans 48 | ubuntu_font_family 49 | 50 | # Icon fonts 51 | font-awesome 52 | nerd-fonts.jetbrains-mono 53 | nerd-fonts.fira-code 54 | ]; 55 | 56 | # Enable 32-bit font support 57 | enableGhostscriptFonts = true; 58 | }; 59 | }; 60 | } 61 | -------------------------------------------------------------------------------- /home/common/base.nix: -------------------------------------------------------------------------------- 1 | # Base Home Manager Configuration 2 | # Universal settings that every user needs regardless of role or host 3 | { lib, ... }: 4 | 5 | { 6 | # Let Home Manager manage itself 7 | programs.home-manager.enable = true; 8 | 9 | # Set state version (should match your NixOS version) 10 | home.stateVersion = lib.mkDefault "25.05"; 11 | 12 | # Basic shell configuration 13 | programs.bash = { 14 | enable = lib.mkDefault true; 15 | 16 | shellAliases = { 17 | ll = "ls -l"; 18 | la = "ls -la"; 19 | ".." = "cd .."; 20 | "..." 
= "cd ../.."; 21 | }; 22 | 23 | historyControl = [ "ignoredups" "ignorespace" ]; 24 | historySize = 10000; 25 | historyFileSize = 20000; 26 | }; 27 | 28 | # Basic file management 29 | xdg = { 30 | enable = true; 31 | 32 | # Clean up home directory 33 | userDirs = { 34 | enable = true; 35 | createDirectories = true; 36 | }; 37 | }; 38 | 39 | # Essential programs everyone needs 40 | programs = { 41 | # Modern directory listing 42 | eza = { 43 | enable = lib.mkDefault true; 44 | enableBashIntegration = true; 45 | icons = "auto"; 46 | extraOptions = [ "--group-directories-first" "--header" ]; 47 | }; 48 | 49 | # Better find command 50 | fd = { 51 | enable = lib.mkDefault true; 52 | }; 53 | 54 | # Better grep 55 | ripgrep = { 56 | enable = lib.mkDefault true; 57 | }; 58 | 59 | # Note: tree is just a command line utility, no program configuration needed 60 | # It's installed via home.packages in this file 61 | }; 62 | } 63 | -------------------------------------------------------------------------------- /home/profiles/headless.nix: -------------------------------------------------------------------------------- 1 | # Headless Profile Configuration 2 | # Configuration for systems without graphical interface 3 | { lib, ... 
}: 4 | 5 | { 6 | # Disable all GUI-related programs 7 | programs = { 8 | # Disable GUI applications that might be enabled by roles 9 | firefox.enable = lib.mkForce false; 10 | 11 | # Focus on terminal-based tools 12 | bash = { 13 | enable = true; 14 | 15 | shellAliases = { 16 | # System information aliases useful for headless 17 | sysinfo = "uname -a && uptime && free -h && df -h"; 18 | netinfo = "ip addr show && ss -tuln"; 19 | procinfo = "ps aux --sort=-%cpu | head -10"; 20 | }; 21 | }; 22 | }; 23 | 24 | # Ensure no GUI packages are installed 25 | home.packages = [ ]; 26 | 27 | # Minimal XDG configuration for headless 28 | xdg = { 29 | enable = true; 30 | 31 | # Don't create desktop-related directories 32 | userDirs = { 33 | enable = true; 34 | createDirectories = lib.mkForce false; 35 | desktop = null; 36 | pictures = null; 37 | videos = null; 38 | music = null; 39 | publicShare = null; 40 | templates = null; 41 | }; 42 | }; 43 | 44 | # Terminal-focused configurations 45 | programs = { 46 | # Enhanced terminal experience 47 | tmux = { 48 | enable = lib.mkDefault true; 49 | }; 50 | 51 | # Better terminal tools 52 | htop = { 53 | enable = true; 54 | settings = { 55 | show_cpu_frequency = true; 56 | show_cpu_temperature = true; 57 | tree_view = true; 58 | }; 59 | }; 60 | }; 61 | } 62 | -------------------------------------------------------------------------------- /hosts/desktop-template-new/configuration.nix: -------------------------------------------------------------------------------- 1 | # Desktop Configuration - New Preset-based Approach 2 | # This replaces 400+ lines of configuration with just the essentials 3 | { pkgs, ... 
}: 4 | 5 | { 6 | imports = [ 7 | ./hardware-configuration.nix 8 | ../common.nix 9 | ../../modules/presets 10 | ]; 11 | 12 | # System identification 13 | networking.hostName = "desktop-template"; 14 | 15 | # Use the workstation preset with gaming extensions 16 | modules.presets = { 17 | enable = true; 18 | preset = "workstation"; 19 | 20 | # Override specific settings for this desktop 21 | customizations = { 22 | # Add gaming support to workstation preset 23 | modules.gaming = { 24 | steam = { 25 | enable = true; 26 | performance.gamemode = true; 27 | performance.mangohud = true; 28 | }; 29 | }; 30 | 31 | # Custom packages for this specific desktop 32 | environment.systemPackages = with pkgs; [ 33 | # Add desktop-specific packages beyond preset defaults 34 | gimp 35 | inkscape 36 | blender 37 | obs-studio 38 | ]; 39 | 40 | # Custom firewall rules for development. allowedTCPPorts opens these ports on every interface, so whatever listens on them is reachable from the network; drop unused ports or scope them with networking.firewall.interfaces.<name>.allowedTCPPorts (presumably the preset applies this block as normal NixOS config - confirm) 41 | networking.firewall.allowedTCPPorts = [ 3000 8000 8080 9000 ]; 42 | }; 43 | }; 44 | 45 | # Host-specific hardware configuration would go here 46 | # (anything that can't be auto-detected) 47 | 48 | # Location for weather/timezone (optional) 49 | location = { 50 | latitude = 40.7128; 51 | longitude = -74.0060; 52 | }; 53 | 54 | # The rest is handled by the preset!
55 | # No more 400+ lines of repetitive configuration 56 | } 57 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # NixOS Template .gitignore 2 | 3 | # Exclude local configuration files 4 | CLAUDE.md 5 | .cursorrules 6 | 7 | # Nix result symlinks 8 | result 9 | result-* 10 | 11 | # VM disk images 12 | *.qcow2 13 | *.img 14 | *.raw 15 | *.vmdk 16 | *.vdi 17 | 18 | # Hardware configurations (contain sensitive hardware info) 19 | # Comment out if you want to track hardware configs 20 | # hosts/*/hardware-configuration.nix 21 | 22 | # Age keys (secrets) 23 | *.key 24 | age-key.txt 25 | id_rsa 26 | id_ed25519 27 | 28 | # Build artifacts 29 | .direnv/ 30 | .envrc 31 | 32 | # Editor files 33 | .vscode/ 34 | .idea/ 35 | *.swp 36 | *.swo 37 | *~ 38 | .#* 39 | 40 | # OS files 41 | .DS_Store 42 | Thumbs.db 43 | 44 | # Temporary files 45 | *.tmp 46 | *.temp 47 | .temp/ 48 | tmp/ 49 | 50 | # Logs 51 | *.log 52 | logs/ 53 | 54 | # Cache directories 55 | .cache/ 56 | __pycache__/ 57 | *.pyc 58 | node_modules/ 59 | 60 | # Backup files 61 | *.backup 62 | *.bak 63 | *.orig 64 | 65 | # State files 66 | .state 67 | state.json 68 | 69 | # User-specific runtime files 70 | .secrets/ 71 | secrets/*.age.dec 72 | secrets/decrypted/ 73 | 74 | # Local development 75 | .env 76 | .env.local 77 | .envrc.local 78 | 79 | # Testing 80 | test-results/ 81 | coverage/ 82 | 83 | # Documentation build artifacts 84 | docs/_build/ 85 | docs/.doctrees/ 86 | 87 | # Flake lock conflicts 88 | flake.lock.orig 89 | flake.lock.rej 90 | 91 | # System-specific files 92 | /mnt/ 93 | /media/ 94 | /run/ 95 | /proc/ 96 | /sys/ 97 | /dev/ 98 | 99 | # Local customizations (uncomment if needed) 100 | # hosts/local-*/ 101 | # overlays/local/ 102 | # pkgs/local/ 103 | -------------------------------------------------------------------------------- /hosts/laptop-template-new/configuration.nix: 
-------------------------------------------------------------------------------- 1 | # Laptop Configuration - New Preset-based Approach 2 | # Minimal configuration focusing on laptop-specific needs 3 | { config, pkgs, ... }: 4 | 5 | { 6 | imports = [ 7 | ./hardware-configuration.nix 8 | ../common.nix 9 | ../../modules/presets 10 | ]; 11 | 12 | # System identification 13 | networking.hostName = "laptop-template"; 14 | 15 | # Use the laptop preset 16 | modules.presets = { 17 | enable = true; 18 | preset = "laptop"; 19 | 20 | # Laptop-specific customizations 21 | customizations = { 22 | # Enable development tools for mobile work 23 | modules.development = { 24 | enable = true; 25 | git = { 26 | enable = true; 27 | # Configure for mobile development 28 | config = { 29 | user.name = "Your Name"; 30 | user.email = "your.email@example.com"; 31 | }; 32 | }; 33 | }; 34 | 35 | # Add laptop-specific packages 36 | environment.systemPackages = with pkgs; [ 37 | # Mobile productivity 38 | libreoffice 39 | thunderbird 40 | 41 | # VPN clients for remote work 42 | openvpn 43 | networkmanager-openvpn 44 | 45 | # Battery monitoring 46 | powertop 47 | tlp 48 | ]; 49 | 50 | # Custom power settings 51 | services.tlp = { 52 | enable = true; 53 | settings = { 54 | CPU_SCALING_GOVERNOR_ON_AC = "performance"; 55 | CPU_SCALING_GOVERNOR_ON_BAT = "powersave"; 56 | }; 57 | }; 58 | }; 59 | }; 60 | 61 | # Laptop-specific hardware (if needed) 62 | # Most hardware detection is automatic via preset 63 | } 64 | -------------------------------------------------------------------------------- /home/profiles/kde.nix: -------------------------------------------------------------------------------- 1 | { config, pkgs, ... 
}: 2 | 3 | { 4 | # KDE-specific Home Manager configuration 5 | 6 | # KDE applications 7 | home.packages = with pkgs; [ 8 | # KDE applications 9 | kate 10 | dolphin 11 | konsole 12 | spectacle 13 | gwenview 14 | okular 15 | ark 16 | kfind 17 | kcalc 18 | 19 | # KDE development 20 | kdePackages.kdevelop 21 | 22 | # Multimedia 23 | kdePackages.kdenlive 24 | kdePackages.krita 25 | ]; 26 | 27 | # KDE Connect 28 | services.kdeconnect = { 29 | enable = true; 30 | indicator = true; 31 | }; 32 | 33 | # Qt/KDE theming (updated for newer NixOS versions) 34 | qt = { 35 | enable = true; 36 | platformTheme = "kde6"; 37 | style = "breeze"; 38 | }; 39 | 40 | # KDE-specific configurations 41 | programs = { 42 | # Konsole terminal configuration 43 | konsole = { 44 | enable = true; 45 | profiles = { 46 | default = { 47 | name = "Default"; 48 | colorScheme = "Breeze"; 49 | font = { 50 | name = "JetBrains Mono"; 51 | size = 11; 52 | }; 53 | }; 54 | }; 55 | }; 56 | }; 57 | 58 | # Plasma desktop configuration (via plasma-manager if available) 59 | # programs.plasma = { 60 | # enable = true; 61 | # 62 | # workspace = { 63 | # lookAndFeel = "org.kde.breezedark.desktop"; 64 | # theme = "breeze-dark"; 65 | # }; 66 | # 67 | # panels = [ 68 | # { 69 | # location = "bottom"; 70 | # height = 44; 71 | # } 72 | # ]; 73 | # }; 74 | 75 | # KDE session variables 76 | home.sessionVariables = { 77 | QT_QPA_PLATFORMTHEME = "kde"; 78 | KDEHOME = "${config.home.homeDirectory}/.kde"; 79 | }; 80 | } 81 | -------------------------------------------------------------------------------- /modules/core/users.nix: -------------------------------------------------------------------------------- 1 | { lib, pkgs, ... }: 2 | 3 | { 4 | # User configuration 5 | users = { 6 | # Use mutable users (allow passwd, etc.) 
7 | mutableUsers = lib.mkDefault true; 8 | 9 | # Default shell 10 | defaultUserShell = pkgs.bash; 11 | 12 | # System groups 13 | groups = { 14 | # Additional groups can be defined here 15 | }; 16 | 17 | # System users - correct nesting inside users block 18 | users = { 19 | root = { 20 | # Disable root login by default - clear other password options to avoid conflicts 21 | hashedPassword = lib.mkDefault "!"; 22 | # Aggressively clear ALL conflicting options - use mkForce to override any defaults 23 | password = lib.mkForce null; 24 | initialPassword = lib.mkForce null; 25 | # This is critical: empty string "" is different from null, force it to null 26 | initialHashedPassword = lib.mkForce null; 27 | hashedPasswordFile = lib.mkForce null; 28 | }; 29 | }; 30 | }; 31 | 32 | # Shell configuration 33 | programs = { 34 | # Enable bash completion (updated option name) 35 | bash = { 36 | completion.enable = true; 37 | 38 | # Global bashrc additions 39 | shellInit = '' 40 | # Custom prompt 41 | export PS1="\[\e[32m\]\u@\h\[\e[m\]:\[\e[34m\]\w\[\e[m\]$ " 42 | 43 | # Useful aliases 44 | alias ll="ls -alF" 45 | alias la="ls -A" 46 | alias l="ls -CF" 47 | alias grep="grep --color=auto" 48 | alias ..="cd .." 49 | alias ...="cd ../.." 50 | ''; 51 | }; 52 | 53 | # Enable git globally 54 | git.enable = true; 55 | 56 | # Enable vim as default editor 57 | vim = { 58 | enable = true; 59 | defaultEditor = true; 60 | }; 61 | }; 62 | } 63 | -------------------------------------------------------------------------------- /lib/darwin-configs.nix: -------------------------------------------------------------------------------- 1 | # Darwin Configuration Generator 2 | # Eliminates duplication in Darwin configurations across architectures 3 | { inputs, outputs, nixpkgs, nix-darwin, home-manager }: 4 | 5 | let 6 | inherit (nixpkgs) lib; 7 | 8 | # Helper function for nix-darwin configurations 9 | mkDarwin = { hostname, system ? 
"aarch64-darwin" }: 10 | nix-darwin.lib.darwinSystem { 11 | inherit system; 12 | specialArgs = { inherit inputs outputs; }; 13 | modules = [ 14 | ../hosts/${hostname}/configuration.nix 15 | home-manager.darwinModules.home-manager 16 | ]; 17 | }; 18 | 19 | # Generate Darwin configurations for multiple architectures 20 | mkDarwinConfigurations = hostnames: 21 | let 22 | # Darwin systems we support 23 | darwinSystems = [ "aarch64-darwin" "x86_64-darwin" ]; 24 | 25 | # Generate configurations for each hostname and architecture 26 | generateForHost = hostname: 27 | lib.listToAttrs (map 28 | (system: 29 | let 30 | # Create config name based on architecture 31 | configName = 32 | if system == "aarch64-darwin" 33 | then hostname 34 | else "${hostname}-intel"; 35 | in 36 | { 37 | name = configName; 38 | value = mkDarwin { inherit hostname system; }; 39 | } 40 | ) 41 | darwinSystems); 42 | in 43 | lib.foldl' (acc: hostname: acc // (generateForHost hostname)) { } hostnames; 44 | 45 | in 46 | { 47 | # Export the builder functions 48 | inherit mkDarwin mkDarwinConfigurations; 49 | 50 | # Pre-built Darwin configurations for common host types 51 | standardConfigurations = mkDarwinConfigurations [ 52 | "darwin-desktop" 53 | "darwin-laptop" 54 | "darwin-server" 55 | ]; 56 | } 57 | -------------------------------------------------------------------------------- /modules/core/nix.nix: -------------------------------------------------------------------------------- 1 | { config, lib, inputs, ... 
}: 2 | 3 | { 4 | nix = { 5 | settings = { 6 | # Enable flakes and new nix command 7 | experimental-features = [ "nix-command" "flakes" ]; 8 | 9 | # Optimise storage automatically 10 | auto-optimise-store = true; 11 | 12 | # Build configuration 13 | # Note: Unfree packages are controlled via nixpkgs.config.allowUnfree 14 | 15 | # Binary cache configuration: store paths signed by either key below are accepted, so the nix-community cache is trusted on par with cache.nixos.org 16 | substituters = [ 17 | "https://cache.nixos.org" 18 | "https://nix-community.cachix.org" 19 | ]; 20 | trusted-public-keys = [ 21 | "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" 22 | "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" 23 | ]; 24 | 25 | # Parallel build jobs ("auto" uses the number of CPUs) 26 | max-jobs = "auto"; 27 | 28 | # Keep build dependencies 29 | keep-derivations = true; 30 | keep-outputs = true; 31 | }; 32 | 33 | # Automatic garbage collection - optimized for templates 34 | gc = { 35 | automatic = lib.mkDefault true; 36 | dates = lib.mkDefault "daily"; # More frequent for development/template systems 37 | options = lib.mkDefault "--delete-older-than 7d --max-freed 1G"; # Removes generations older than 7 days; --max-freed stops each run after about 1G has been freed 38 | }; 39 | 40 | # Automatic store optimization 41 | optimise = { 42 | automatic = lib.mkDefault true; 43 | dates = lib.mkDefault [ "03:45" ]; # Run during low-usage hours 44 | }; 45 | 46 | # Add every flake input to the flake registry (used by the new nix CLI) 47 | registry = (lib.mapAttrs (_: flake: { inherit flake; })) inputs; 48 | 49 | # Point legacy <nixpkgs> lookups (NIX_PATH) at the flake's nixpkgs input 50 | nixPath = [ "nixpkgs=${inputs.nixpkgs}" ]; 51 | }; 52 | 53 | # Mark root and wheel members as trusted Nix users: they may override daemon settings such as substituters, which is effectively root-equivalent (allowed-users is the setting that only controls who may use nix) 54 | nix.settings.trusted-users = [ "root" "@wheel" ]; 55 | 56 | # Allow unfree packages 57 | nixpkgs.config.allowUnfree = lib.mkDefault true; 58 | } 59 | -------------------------------------------------------------------------------- /home/common/git.nix: -------------------------------------------------------------------------------- 1 | # Git Configuration 2 | # Common git settings with user-specific overrides 3 | { lib, ...
}: 4 | 5 | { 6 | programs.git = { 7 | enable = lib.mkDefault true; 8 | 9 | # Default identity (override in host-specific config) 10 | userName = lib.mkDefault "Change Me"; 11 | userEmail = lib.mkDefault "changeme@example.com"; 12 | 13 | # Common git configuration 14 | extraConfig = { 15 | init.defaultBranch = "main"; 16 | pull.rebase = true; 17 | push.autoSetupRemote = true; 18 | core.editor = lib.mkDefault "nano"; 19 | 20 | # Better diff and merge tools 21 | diff.colorMoved = "default"; 22 | merge.conflictstyle = "diff3"; 23 | 24 | # Useful aliases 25 | alias = { 26 | st = "status -s"; 27 | co = "checkout"; 28 | br = "branch"; 29 | ci = "commit"; 30 | ca = "commit -a"; 31 | cm = "commit -m"; 32 | cam = "commit -am"; 33 | lg = "log --oneline --graph --decorate"; 34 | unstage = "reset HEAD --"; 35 | last = "log -1 HEAD"; 36 | visual = "!gitk"; 37 | }; 38 | }; 39 | 40 | # Global gitignore for common files 41 | ignores = [ 42 | # OS generated files 43 | ".DS_Store" 44 | ".DS_Store?" 45 | "._*" 46 | ".Spotlight-V100" 47 | ".Trashes" 48 | "ehthumbs.db" 49 | "Thumbs.db" 50 | 51 | # Editor files 52 | "*~" 53 | "*.swp" 54 | "*.swo" 55 | ".vscode/" 56 | ".idea/" 57 | 58 | # Build artifacts 59 | "*.o" 60 | "*.so" 61 | "*.exe" 62 | "*.dll" 63 | "node_modules/" 64 | "target/" 65 | "build/" 66 | "dist/" 67 | 68 | # Temporary files 69 | "*.tmp" 70 | "*.temp" 71 | "*.log" 72 | ]; 73 | 74 | # Delta for better diff viewing 75 | delta = { 76 | enable = lib.mkDefault true; 77 | options = { 78 | navigate = true; 79 | line-numbers = true; 80 | syntax-theme = "Dracula"; 81 | }; 82 | }; 83 | }; 84 | } 85 | -------------------------------------------------------------------------------- /hosts/microvm/home.nix: -------------------------------------------------------------------------------- 1 | { pkgs, ... 
}: 2 | 3 | { 4 | # Minimal Home Manager configuration for MicroVM 5 | 6 | # Basic user info 7 | home = { 8 | username = "micro"; 9 | homeDirectory = "/home/micro"; 10 | stateVersion = "25.05"; 11 | }; 12 | 13 | # Let Home Manager manage itself 14 | programs.home-manager.enable = true; 15 | 16 | # Minimal shell configuration 17 | programs.bash = { 18 | enable = true; 19 | 20 | shellAliases = { 21 | # Essential aliases only 22 | ll = "ls -l"; 23 | la = "ls -la"; 24 | 25 | # System info 26 | "sys" = "echo 'MicroVM:' $(hostname) '|' $(uname -r) '|' $(free -h | grep Mem | awk '{print $3\"/\"$2}')"; 27 | "ip" = "ip -c addr show"; 28 | 29 | # Quick navigation 30 | ".." = "cd .."; 31 | }; 32 | 33 | bashrcExtra = '' 34 | # Ultra-minimal prompt 35 | export PS1="μvm:\w\$ " 36 | 37 | # Show system info on login (minimal) 38 | echo "μVM: $(hostname) [$(free -h | grep Mem | awk '{print $3}') used]" 39 | ''; 40 | }; 41 | 42 | # Minimal essential programs 43 | programs = { 44 | # Basic file operations 45 | ls = { 46 | enable = true; 47 | aliases = { 48 | l = "ls"; 49 | ll = "ls -l"; 50 | }; 51 | }; 52 | }; 53 | 54 | # Minimal packages (only absolute essentials) 55 | home.packages = with pkgs; [ 56 | # System utilities 57 | procps # ps, top, etc. 
58 | 59 | # Network tools 60 | iproute2 # ip command 61 | iputils # ping 62 | 63 | # File utilities 64 | file 65 | which 66 | ]; 67 | 68 | # Minimal environment 69 | home.sessionVariables = { 70 | EDITOR = "nano"; 71 | PAGER = "cat"; 72 | 73 | # MicroVM identification 74 | MICROVM = "true"; 75 | VM_TYPE = "microvm"; 76 | }; 77 | 78 | # No GUI applications 79 | # No development tools 80 | # No extras - keep it ultra-minimal 81 | 82 | # Essential directories only 83 | xdg = { 84 | enable = true; 85 | userDirs = { 86 | enable = false; # Don't create extra directories 87 | }; 88 | }; 89 | } 90 | -------------------------------------------------------------------------------- /hosts/virtualbox-vm/hardware-configuration.nix: -------------------------------------------------------------------------------- 1 | # VirtualBox VM Hardware Configuration Template 2 | { config, lib, modulesPath, ... }: 3 | 4 | { 5 | imports = 6 | [ 7 | (modulesPath + "/profiles/qemu-guest.nix") 8 | ]; 9 | 10 | # Boot loader configuration 11 | boot.loader.grub = { 12 | enable = true; 13 | device = "/dev/sda"; 14 | timeout = 5; 15 | }; 16 | 17 | # Kernel modules for VirtualBox 18 | boot.initrd.availableKernelModules = [ 19 | "ata_piix" 20 | "ohci_pci" 21 | "ehci_pci" 22 | "ahci" 23 | "sd_mod" 24 | "sr_mod" 25 | ]; 26 | 27 | boot.initrd.kernelModules = [ ]; 28 | boot.kernelModules = [ "vboxguest" "vboxsf" "vboxvideo" ]; 29 | boot.extraModulePackages = [ ]; 30 | 31 | # File systems - typical VirtualBox setup 32 | fileSystems."/" = { 33 | device = "/dev/disk/by-uuid/REPLACE-WITH-ACTUAL-UUID"; 34 | fsType = "ext4"; 35 | }; 36 | 37 | fileSystems."/boot" = lib.mkIf (config.boot.loader.grub.device == "nodev") { 38 | device = "/dev/disk/by-uuid/REPLACE-WITH-ACTUAL-UUID"; 39 | fsType = "vfat"; 40 | }; 41 | 42 | # Swap configuration 43 | swapDevices = [ 44 | { device = "/dev/disk/by-uuid/REPLACE-WITH-ACTUAL-SWAP-UUID"; } 45 | ]; 46 | 47 | # Network interfaces 48 | networking.interfaces = { 49 | 
enp0s3.useDHCP = lib.mkDefault true;
    enp0s8.useDHCP = lib.mkDefault true; # Host-only adapter
  };

  # CPU and hardware configuration
  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;

  # VirtualBox-specific hardware
  hardware.graphics = {
    enable = true;
    enable32Bit = true;
  };

  # Audio configuration
  services.pulseaudio = {
    enable = lib.mkDefault true;
    support32Bit = true;
  };

  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It's perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  system.stateVersion = "25.05";
}
--------------------------------------------------------------------------------
/hosts/server-template-new/configuration.nix:
--------------------------------------------------------------------------------
# Server Configuration - New Preset-based Approach
# Minimal, secure server configuration
#
# Everything under `modules.presets.customizations` is handed to the project's
# preset module (../../modules/presets). How that module merges these values
# into the system configuration is not visible in this file.
{ pkgs, ... }:

{
  imports = [
    ./hardware-configuration.nix
    ../common.nix
    ../../modules/presets
  ];

  # System identification
  networking.hostName = "server-template";

  # Use the server preset
  modules.presets = {
    enable = true;
    preset = "server";

    # Server-specific customizations
    customizations = {
      # Enable specific services for this server
      services = {
        # Web server
        # NOTE(review): port 443 is opened below, but this virtual host sets no
        # certificate or TLS option; confirm where TLS is configured.
        nginx = {
          enable = true;
          virtualHosts."localhost" = {
            root = "/var/www";
          };
        };

        # Database (optional)
        postgresql = {
          enable = false; # Enable per deployment
          package = pkgs.postgresql_15;
        };

        # Monitoring
        # The node exporter serves host metrics over plain HTTP without
        # authentication unless it is configured otherwise.
        prometheus.exporters.node.enable = true;
      };

      # Server-specific networking
      networking = {
        # Open HTTP/HTTPS ports
        # NOTE(review): this list applies to every source address and every
        # interface, so 9100 exposes the node exporter as widely as the web
        # ports. Prefer a rule that admits only the Prometheus host, or bind
        # the exporter to a management address.
        # NOTE(review): 22 is opened here, but this file does not enable an
        # SSH daemon; presumably the preset or ../common.nix does - confirm.
        firewall.allowedTCPPorts = [ 22 80 443 9100 ]; # SSH, HTTP, HTTPS, Node Exporter

        # Static IP configuration (adjust per deployment)
        interfaces.ens18 = {
          ipv4.addresses = [{
            address = "192.168.1.100";
            prefixLength = 24;
          }];
        };
        defaultGateway = "192.168.1.1";
        nameservers = [ "1.1.1.1" "8.8.8.8" ];
      };

      # Server-specific packages
      environment.systemPackages = with pkgs; [
        # Server management
        docker-compose
        kubernetes

        # Monitoring
        prometheus
        grafana

        # Backup
        restic
        borgbackup

        # Security
        # NOTE(review): listing a package only installs its binaries. fail2ban
        # bans nothing until its service is enabled (services.fail2ban.enable),
        # and ufw would edit the same packet-filter rules that the declarative
        # networking.firewall settings above already own.
        fail2ban
        ufw
      ];
    };
  };

  # Server-specific users (define per deployment)
  # NOTE(review): "wheel" grants sudo, and membership of "docker" lets the
  # account drive the Docker daemon, which is equivalent to root on the host.
  # A deployment account usually needs at most one of the two; grant the
  # narrowest one that works.
  users.users.deploy = {
    isNormalUser = true;
    extraGroups = [ "wheel" "docker" ];
    openssh.authorizedKeys.keys = [
      # Add SSH keys here
    ];
  };
}
--------------------------------------------------------------------------------
/hosts/wsl2-template/hardware-configuration.nix:
--------------------------------------------------------------------------------
# WSL2
Hardware Configuration 2 | # This is a minimal hardware configuration for WSL2 environment 3 | 4 | { lib, modulesPath, ... }: 5 | 6 | { 7 | imports = [ 8 | (modulesPath + "/profiles/minimal.nix") 9 | ]; 10 | 11 | # WSL2 doesn't use traditional bootloaders 12 | boot = { 13 | loader.systemd-boot.enable = false; 14 | loader.grub.enable = false; 15 | initrd.availableKernelModules = [ ]; 16 | initrd.kernelModules = [ ]; 17 | kernelModules = [ ]; 18 | extraModulePackages = [ ]; 19 | }; 20 | 21 | # WSL2 filesystem configuration 22 | fileSystems."/" = { 23 | device = "none"; 24 | fsType = "tmpfs"; 25 | options = [ "defaults" "size=2G" "mode=755" ]; 26 | }; 27 | 28 | fileSystems."/nix" = { 29 | device = "/dev/disk/by-label/nixos"; 30 | fsType = "ext4"; 31 | options = [ "noatime" ]; 32 | }; 33 | 34 | # No swap in WSL2 by default (Windows manages memory) 35 | swapDevices = [ ]; 36 | 37 | # Network configuration handled by WSL2 38 | networking.useDHCP = lib.mkDefault true; 39 | 40 | # Hardware detection 41 | nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; 42 | 43 | # WSL2-specific hardware settings 44 | hardware = { 45 | # No real hardware in WSL2 46 | enableAllFirmware = false; 47 | enableRedistributableFirmware = false; 48 | 49 | # Graphics handled by Windows 50 | graphics = { 51 | enable = true; 52 | enable32Bit = false; # Usually not needed in WSL2 53 | }; 54 | 55 | # Audio through PulseAudio (moved to services) 56 | # pulseaudio configuration moved to services.pulseaudio 57 | # No Bluetooth in WSL2 58 | bluetooth.enable = false; 59 | }; 60 | 61 | # Virtualization settings for nested containers 62 | virtualisation = { 63 | # Docker/Podman support 64 | docker.enable = false; # Can be enabled per-host 65 | podman.enable = false; # Can be enabled per-host 66 | }; 67 | 68 | # Power management not applicable in WSL2 69 | powerManagement.enable = false; 70 | 71 | # WSL2-specific service configuration 72 | services = { 73 | thermald.enable = false; 74 | auto-cpufreq.enable = 
false;
    # Location services not available
    geoclue2.enable = false;
    # No real time clock in WSL2
    timesyncd.enable = true;
  };
}
--------------------------------------------------------------------------------
/home/users/vscode-settings.json:
--------------------------------------------------------------------------------
{
  "workbench.colorTheme": "Default Dark+",
  "editor.fontFamily": "JetBrains Mono, 'Droid Sans Mono', 'monospace'",
  "editor.fontSize": 14,
  "editor.lineHeight": 1.5,
  "editor.tabSize": 2,
  "editor.insertSpaces": true,
  "editor.detectIndentation": true,
  "editor.renderWhitespace": "boundary",
  "editor.rulers": [80, 120],
  "editor.wordWrap": "bounded",
  "editor.wordWrapColumn": 120,
  "editor.minimap.enabled": true,
  "editor.bracketPairColorization.enabled": true,
  "editor.guides.bracketPairs": true,
  "editor.formatOnSave": true,
  "editor.formatOnPaste": true,
  "editor.codeActionsOnSave": {
    "source.fixAll": "explicit",
    "source.organizeImports": "explicit"
  },

  "files.autoSave": "afterDelay",
  "files.autoSaveDelay": 1000,
  "files.trimTrailingWhitespace": true,
  "files.insertFinalNewline": true,
  "files.trimFinalNewlines": true,

  "terminal.integrated.fontSize": 13,
  "terminal.integrated.fontFamily": "JetBrains Mono",
  "terminal.integrated.shell.linux": "/bin/bash",

  "explorer.confirmDelete": false,
  "explorer.confirmDragAndDrop": false,

  "git.enableSmartCommit": true,
  "git.confirmSync": false,
  "git.autofetch": true,

  "extensions.autoUpdate": true,

  "nix.enableLanguageServer": true,
  "nix.serverPath": "nil",
  "nix.formatterPath": "nixpkgs-fmt",

  "[nix]": {
    "editor.defaultFormatter": "jnoortheen.nix-ide",
    "editor.tabSize": 2
  },

  "[json]": {
    "editor.defaultFormatter": "esbenp.prettier-vscode"
  },

  "[yaml]": {
    "editor.defaultFormatter": "esbenp.prettier-vscode"
  },

  "[markdown]": {
    "editor.defaultFormatter": "esbenp.prettier-vscode",
    "editor.wordWrap": "on"
  },

  "[javascript]": {
    "editor.defaultFormatter": "esbenp.prettier-vscode"
  },

  "[typescript]": {
    "editor.defaultFormatter": "esbenp.prettier-vscode"
  },

  "[python]": {
    "editor.defaultFormatter": "ms-python.black-formatter"
  },

  "[rust]": {
    "editor.defaultFormatter": "rust-lang.rust-analyzer"
  },

  "[go]": {
    "editor.defaultFormatter": "golang.go"
  }
}
--------------------------------------------------------------------------------
/secrets/secrets.nix:
--------------------------------------------------------------------------------
# Recipient rules for the encrypted secrets: each `"<name>.age".publicKeys`
# entry lists the public keys whose owners can decrypt that file. Only public
# keys belong here; the matching private keys stay on the user's machine or in
# the host's key material and are never committed.
#
# Removing a key from a list does not protect copies that were already
# encrypted to it (including older commits): re-encrypt the file and rotate
# the secret value itself.
let
  # User public keys - Add your personal age public keys here
  users = {
    # Example user keys (replace with your actual keys)
    alice = "age1xyz..."; # Replace with actual age public key
    bob = "age1abc..."; # Replace with actual age public key
  };

  # System/host public keys - Add your systems' SSH host key age equivalents
  systems = {
    # Example system keys (replace with your actual host keys)
    laptop = "age1host123..."; # Replace with actual converted SSH host key
    server = "age1host456..."; # Replace with actual converted SSH host key
    desktop = "age1host789..."; # Replace with actual converted SSH host key
  };

  # Convenience list of every host key defined in `systems` (a plain list, not
  # a function). A secret assigned to it is readable by each listed host, so a
  # single compromised host key exposes all of those secrets.
  allSystems = builtins.attrValues systems;

in
{
  # Example secrets configuration
  # Each secret specifies which keys can decrypt it

  # User passwords
  "user-password.age".publicKeys = [ users.alice systems.laptop systems.desktop ];
  # NOTE(review): every host can decrypt this one, and no user key is listed,
  # so changing it requires access to a host's private key. If hosts should
  # not share a root password, give each host its own secret.
  "root-password.age".publicKeys = allSystems;

  # SSH keys
  "ssh-private-key.age".publicKeys = [ users.alice systems.laptop ];
  "ssh-config.age".publicKeys = [ users.alice systems.laptop systems.desktop ];

  # Network configuration
  # NOTE(review): allSystems includes `server`; list only the hosts that join
  # the wireless network.
  "wifi-password.age".publicKeys = allSystems;
  "vpn-config.age".publicKeys = [ users.alice systems.laptop ];

  # Application secrets
  "database-password.age".publicKeys = [ systems.server ];
  "api-key.age".publicKeys = [ users.alice systems.server ];
  "jwt-secret.age".publicKeys = [ systems.server ];

  # Email configuration
  "email-password.age".publicKeys = [ users.alice systems.laptop systems.desktop ];
  "smtp-config.age".publicKeys = [ users.alice systems.laptop systems.desktop ];

  # Backup and sync
  # NOTE(review): one repository password shared by every host means any host
  # can read the others' backups; consider one repository and password per host.
  "restic-password.age".publicKeys = allSystems;
  "sync-token.age".publicKeys = [ users.alice systems.laptop systems.desktop ];

  # Development secrets
  "github-token.age".publicKeys = [ users.alice systems.laptop systems.desktop ];
  "docker-registry-auth.age".publicKeys = [ systems.server systems.desktop ];

  # Certificates and TLS
  "tls-cert.age".publicKeys = [ systems.server ];
  "tls-key.age".publicKeys = [ systems.server ];
  "ca-cert.age".publicKeys = allSystems;

  # Service-specific secrets
  "nextcloud-password.age".publicKeys = [ systems.server ];
  "matrix-config.age".publicKeys = [ systems.server ];
  "monitoring-token.age".publicKeys = [ systems.server systems.laptop ];
}
--------------------------------------------------------------------------------
/hosts/test-gaming/home.nix:
--------------------------------------------------------------------------------
# Test Gaming Home Manager Configuration
# Uses shared profiles optimized for gaming and testing
{ config, pkgs, ... }:

{
  # Import shared Home Manager profiles
  imports = [
    ../../home/profiles/base.nix # Base configuration with git, bash, etc.
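../../home/profiles/desktop.nix # Desktop applications and GUI tools
    ../../home/roles/gamer.nix # Gaming-specific tools and configurations
    # NOTE(review): confirm these import targets exist in the repository; an
    # import of a missing file fails at evaluation time.
  ];

  # Host-specific user info
  home = {
    username = "user";
    homeDirectory = "/home/user";
  };

  # Override git configuration for gaming tests
  programs.git = {
    userName = "Test Gamer";
    userEmail = "gamer@test-gaming.local";
  };

  # Gaming-specific environment optimizations
  home.sessionVariables = {
    # Performance optimization for gaming
    __GL_SHADER_DISK_CACHE = "1";
    __GL_SHADER_DISK_CACHE_PATH = "$HOME/.cache/nvidia";

    # Gaming-specific editor
    EDITOR = "vim"; # Lightweight for gaming systems
  };

  # Gaming performance aliases (extends base profile)
  programs.bash.shellAliases = {
    # Performance tuning
    # Both aliases call sudo, so they only work for an account that is
    # allowed to run cpupower as root.
    "gaming-mode" = "sudo cpupower frequency-set -g performance";
    "power-save" = "sudo cpupower frequency-set -g powersave";

    # Hardware monitoring for gaming
    "temps" = "watch -n 2 'sensors | grep -E \"(CPU|GPU)\"'";
    "gpu-info" = "nvidia-smi || lspci | grep -i vga";

    # Gaming testing
    "fps-test" = "glxgears -info";
    "gl-info" = "glxinfo | grep -E '(OpenGL|Direct)'";

    # Game management
    # NOTE(review): -no-cef-sandbox starts Steam with the sandbox of its
    # embedded browser (CEF) turned off. That browser renders remote web
    # content, so the sandbox is a real isolation layer; keep this alias only
    # as a workaround on hosts where the sandboxed client fails to start.
    "steam-native" = "steam -no-cef-sandbox";
  };

  # Gaming-specific bash functions
  programs.bash.bashrcExtra = ''
    # Gaming performance helper
    # Prints the cpu0 governor and frequency, GPU utilisation when nvidia-smi
    # is available, and the share of RAM in use.
    gaming-status() {
      echo "=== Gaming System Status ==="
      echo "CPU Governor: $(cat /sys/devices/system/cpu/cpu0/cpufreq/scaling_governor)"
      echo "CPU Frequency: $(cat /sys/devices/system/cpu/cpu0/cpufreq/scaling_cur_freq | awk '{print $1/1000000 " GHz"}')"
      if command -v nvidia-smi &> /dev/null; then
        echo "GPU Status: $(nvidia-smi --query-gpu=utilization.gpu --format=csv,noheader,nounits)% usage"
      fi
      echo "RAM Usage: $(free | awk '/Mem:/ {printf "%.1f%%", $3/$2 * 100}')"
    }

    # Quick game launcher helper
    # Usage: launch-game COMMAND [ARGS...]
    # Switches the CPU governor to "performance", runs the command, switches
    # to "ondemand" afterwards and returns the command's own exit status.
    launch-game() {
      # Without a command there is nothing to launch; do not touch the
      # governor in that case.
      if [ "$#" -eq 0 ]; then
        echo "usage: launch-game COMMAND [ARGS...]" >&2
        return 2
      fi
      echo "Setting performance mode for gaming..."
      sudo cpupower frequency-set -g performance 2>/dev/null
      echo "Launching: $*"
      "$@"
      # Remember the game's status; the cpupower call below would otherwise
      # replace it as the function's return value.
      local status=$?
      echo "Returning to balanced mode..."
      # NOTE(review): this selects "ondemand" unconditionally rather than the
      # governor that was active before the launch, and errors are discarded.
      sudo cpupower frequency-set -g ondemand 2>/dev/null
      return "$status"
    }
  '';
}
--------------------------------------------------------------------------------
/modules/hardware/gpu/detection.nix:
--------------------------------------------------------------------------------
{ config, lib, pkgs, ... }:

let
  cfg = config.modules.hardware.gpu;
in
{
  options.modules.hardware.gpu = {
    autoDetect = lib.mkEnableOption "automatic GPU detection and configuration" // { default = true; };

    # Note: Individual GPU enable options are declared in their respective modules
    # (amd.nix, nvidia.nix, intel.nix). This module does not set them; see the
    # note in `config` below.

    # Workload profiles
    profile = lib.mkOption {
      type = lib.types.enum [ "desktop" "gaming" "ai-compute" "server-compute" ];
      default = "desktop";
      description = "GPU optimization profile";
    };

    # Multi-GPU support
    multiGpu = {
      enable = lib.mkEnableOption "multi-GPU configuration";
      primary = lib.mkOption {
        type = lib.types.enum [ "amd" "nvidia" "intel" ];
        default = "nvidia";
        description = "Primary GPU for display output";
      };
    };
  };

  config = lib.mkIf cfg.autoDetect {
    # Hardware detection script
    environment.systemPackages = with pkgs; [
      pciutils # lspci for GPU detection
      glxinfo # GPU info
      clinfo # OpenCL info
      # GPU monitoring tools can be added per-host as needed
    ];

    # Note: Auto-detection of GPU modules cannot be done during evaluation
    # Users should manually enable the appropriate GPU modules:
    #   modules.hardware.gpu.amd.enable = true;
    #   modules.hardware.gpu.nvidia.enable = true;
    #   modules.hardware.gpu.intel.enable = true;

    # GPU detection service
    # One-shot unit that records the PCI display devices found at boot in
    # /run/gpu-info/detected. No User= is set, so the script presumably runs
    # as root; it only reads the PCI list and writes under /run.
    systemd.services.gpu-detection = {
      description = "GPU Hardware Detection";
      wantedBy = [ "multi-user.target" ];
      serviceConfig = {
        Type = "oneshot";
        RemainAfterExit = true;
      };
      script = ''
        # Create GPU info file
        mkdir -p /run/gpu-info

        # Detect GPUs using lspci. Match the PCI class names in one pass
        # instead of bare substrings: with -nn every line also carries hex
        # IDs, so a pattern such as "3d" could match an unrelated device.
        ${pkgs.pciutils}/bin/lspci -nn | grep -Ei 'VGA compatible controller|3D controller|Display controller' > /run/gpu-info/detected || true

        # Log detected GPUs
        if [ -s /run/gpu-info/detected ]; then
          echo "Detected GPUs:" >&2
          cat /run/gpu-info/detected >&2
        else
          # The match covers integrated adapters too, so an empty result
          # means no GPU of any kind was listed.
          echo "No GPUs detected" >&2
        fi
      '';
    };

    # Environment variables for GPU detection
    environment.sessionVariables = {
      # Make GPU info available to user sessions
      GPU_INFO_PATH = "/run/gpu-info";
    };
  };
}
--------------------------------------------------------------------------------
/hosts/microvm/hardware-configuration.nix:
--------------------------------------------------------------------------------
# Hardware configuration for MicroVM
# Minimal configuration for ultra-lightweight virtual machines
# Replace UUIDs with actual values from your VM

{ lib, modulesPath, ...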
}:

{
  imports = [
    (modulesPath + "/profiles/qemu-guest.nix")
  ];

  # Boot and hardware configuration
  boot = {
    # Minimal hardware support
    initrd = {
      availableKernelModules = [
        "virtio_pci"
        "virtio_blk"
        "virtio_net"
      ];
      kernelModules = [ ];
    };
    extraModulePackages = [ ];

    # Use systemd-boot for faster boot
    loader = {
      systemd-boot = {
        enable = true;
        configurationLimit = lib.mkForce 2; # Keep only 2 generations for minimal VM
      };
      efi.canTouchEfiVariables = true;
      timeout = lib.mkForce 0;
    };

    # Minimal kernel modules
    kernelModules = [ ];
    # Drivers this VM is not expected to need. Blacklisting also trims the
    # kernel code reachable from the guest, but a modprobe blacklist entry only
    # stops automatic, alias-based loading: a privileged user can still load
    # the module explicitly, and it can still come in as a dependency of
    # another module. Where a module must never load, add an explicit
    # `install <module> /bin/false`-style rule (boot.extraModprobeConfig).
    blacklistedKernelModules = [
      # Audio
      "snd"
      "snd_hda_intel"

      # Bluetooth
      "bluetooth"
      "btusb"

      # Wireless
      "iwlwifi"
      "cfg80211"

      # Graphics
      "drm"
      "i915"
      "nouveau"
      "radeon"

      # USB (if not needed)
      "usbhid"
      "usb_storage"
    ];
  };

  # Single root filesystem (no separate /boot for minimal setup)
  # NOTE(review): a separate /boot is declared further down, so the remark
  # above does not match this file.
  fileSystems."/" = {
    device = "/dev/disk/by-uuid/REPLACE-WITH-YOUR-ROOT-UUID";
    fsType = "ext4";
    options = [
      "noatime"
      "nodiratime"
      "discard"
      "commit=60" # Reduce write frequency
    ];
  };

  # For UEFI boot (minimal)
  fileSystems."/boot" = {
    device = "/dev/disk/by-uuid/REPLACE-WITH-YOUR-BOOT-UUID";
    fsType = "vfat";
    options = [ "noatime" ];
  };

  # No swap for MicroVMs
  swapDevices = [ ];

  # Minimal network configuration
  networking.useDHCP = lib.mkDefault true;
  networking.interfaces.eth0.useDHCP = lib.mkDefault true;

  # Platform
  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";

  # Minimal hardware features
  hardware = {
    # No microcode updates for minimal size
    enableRedistributableFirmware = false;

    # No CPU-specific optimizations
    # Microcode loading is switched off in the guest, so CPU microcode fixes
    # have to be applied on the hypervisor host.
    cpu.intel.updateMicrocode = false;
    cpu.amd.updateMicrocode = false;
  };

  # Memory and disk optimization is handled by the actual hypervisor/VM configuration
  # These settings would be configured in your hypervisor management tool
}
--------------------------------------------------------------------------------
/home/roles/developer.nix:
--------------------------------------------------------------------------------
# Developer Role Configuration
# Complete development environment setup
{ ... }:

{
  imports = [
    ../common/base.nix
    ../common/git.nix
    ../common/packages/essential.nix
    ../common/packages/development.nix
    ../common/packages/desktop.nix
  ];

  # Developer-specific programs
  programs = {
    # Advanced shell with better history and completion
    zsh = {
      enable = true;
      autosuggestion.enable = true;
      syntaxHighlighting.enable = true;

      # A large history that is saved and shared between sessions also keeps
      # any secret typed as a command-line argument; pass tokens through
      # files or environment variables instead.
      history = {
        size = 50000;
        save = 50000;
        ignoreDups = true;
        share = true;
      };

      shellAliases = {
        # Development shortcuts
        gs = "git status";
        ga = "git add";
        gc = "git commit";
        gp = "git push";
        gl = "git pull";
        gd = "git diff";

        # Docker shortcuts
        dc = "docker-compose";
        dcu = "docker-compose up";
        dcd = "docker-compose down";
        dcl = "docker-compose logs";

        # Directory shortcuts
        dev = "cd ~/Development";
        proj = "cd ~/Projects";
      };
    };

    # Direnv for project environments
    # direnv evaluates a project's .envrc as shell code once that directory
    # has been approved; read the .envrc of a freshly cloned repository
    # before approving it.
    direnv = {
      enable = true;
      enableBashIntegration = true;
      enableZshIntegration = true;
    };

    # Starship prompt
    starship = {
      enable = true;

      settings = {
        add_newline = false;

        format = "$all$character";

        character = {
          success_symbol = "[➜](bold green)";
          error_symbol = "[➜](bold red)";
        };

        git_branch = {
          format =
"[$symbol$branch]($style) "; 73 | }; 74 | 75 | git_status = { 76 | format = "([$all_status$ahead_behind]($style) )"; 77 | }; 78 | }; 79 | }; 80 | 81 | # Better cat with syntax highlighting 82 | bat = { 83 | enable = true; 84 | config = { 85 | theme = "TwoDark"; 86 | style = "numbers,changes,header"; 87 | }; 88 | }; 89 | 90 | # Fuzzy finder 91 | fzf = { 92 | enable = true; 93 | enableBashIntegration = true; 94 | enableZshIntegration = true; 95 | }; 96 | }; 97 | 98 | # Development-specific XDG directories 99 | xdg.userDirs = { 100 | documents = "$HOME/Documents"; 101 | download = "$HOME/Downloads"; 102 | desktop = "$HOME/Desktop"; 103 | 104 | # Development directories 105 | extraConfig = { 106 | XDG_DEV_DIR = "$HOME/Development"; 107 | XDG_PROJECTS_DIR = "$HOME/Projects"; 108 | }; 109 | }; 110 | } 111 | -------------------------------------------------------------------------------- /hosts/kde-test/hardware-configuration.nix: -------------------------------------------------------------------------------- 1 | # Hardware configuration for QEMU/KVM virtual machine 2 | # This file is typically generated by nixos-generate-config 3 | # This is a template - replace with your actual VM hardware configuration 4 | 5 | { config, lib, modulesPath, ... 
}: 6 | 7 | { 8 | imports = [ 9 | (modulesPath + "/profiles/qemu-guest.nix") 10 | ]; 11 | 12 | # VM hardware configuration 13 | boot = { 14 | initrd = { 15 | availableKernelModules = [ 16 | "virtio_pci" 17 | "virtio_scsi" 18 | "virtio_blk" 19 | "virtio_net" 20 | "ahci" 21 | "xhci_pci" 22 | "sr_mod" 23 | ]; 24 | kernelModules = [ ]; 25 | }; 26 | kernelModules = [ "kvm-intel" ]; # or "kvm-amd" for AMD hosts 27 | extraModulePackages = [ ]; 28 | }; 29 | 30 | # Filesystem configuration - EXAMPLE FOR SINGLE DISK VM 31 | # Replace UUIDs with your actual values from `blkid` 32 | fileSystems."/" = { 33 | device = "/dev/disk/by-uuid/REPLACE-WITH-YOUR-ROOT-UUID"; 34 | fsType = "ext4"; 35 | options = [ "noatime" "discard" ]; # Optimizations for VMs 36 | }; 37 | 38 | # Boot partition (if using UEFI) 39 | fileSystems."/boot" = { 40 | device = "/dev/disk/by-uuid/REPLACE-WITH-YOUR-BOOT-UUID"; 41 | fsType = "vfat"; 42 | }; 43 | 44 | # Swap (optional for VMs) 45 | swapDevices = [ 46 | # { device = "/dev/disk/by-uuid/REPLACE-WITH-YOUR-SWAP-UUID"; } 47 | ]; 48 | 49 | # Alternative: Use a swap file instead 50 | # swapDevices = [ 51 | # { device = "/swapfile"; size = 2048; } # 2GB swap file 52 | # ]; 53 | 54 | # Network hardware 55 | networking.useDHCP = lib.mkDefault true; 56 | 57 | # Common QEMU network interface names 58 | # Uncomment the one that matches your VM 59 | # networking.interfaces.enp0s3.useDHCP = lib.mkDefault true; # NAT 60 | # networking.interfaces.enp0s8.useDHCP = lib.mkDefault true; # Host-only 61 | # networking.interfaces.ens3.useDHCP = lib.mkDefault true; # Alternative naming 62 | 63 | # Platform 64 | nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; 65 | 66 | # VM-specific hardware options 67 | hardware = { 68 | # CPU microcode (adjust based on host CPU) 69 | cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; 70 | # cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; 71 | 72 | # Enable 
firmware 73 | enableRedistributableFirmware = true; 74 | }; 75 | 76 | # VM-specific boot loader options (merged with above boot configuration) 77 | boot.loader = { 78 | grub = { 79 | enable = true; 80 | device = "/dev/vda"; # Adjust if using different disk naming 81 | # For UEFI VMs, use: 82 | # efiSupport = true; 83 | # device = "nodev"; 84 | }; 85 | 86 | # Explicitly disable systemd-boot to avoid conflicts 87 | systemd-boot.enable = lib.mkForce false; 88 | }; 89 | } 90 | -------------------------------------------------------------------------------- /hosts/qemu-vm/hardware-configuration.nix: -------------------------------------------------------------------------------- 1 | # Hardware configuration for QEMU/KVM virtual machine 2 | # This file is typically generated by nixos-generate-config 3 | # This is a template - replace with your actual VM hardware configuration 4 | 5 | { config, lib, modulesPath, ... }: 6 | 7 | { 8 | imports = [ 9 | (modulesPath + "/profiles/qemu-guest.nix") 10 | ]; 11 | 12 | # VM hardware configuration 13 | boot = { 14 | initrd = { 15 | availableKernelModules = [ 16 | "virtio_pci" 17 | "virtio_scsi" 18 | "virtio_blk" 19 | "virtio_net" 20 | "ahci" 21 | "xhci_pci" 22 | "sr_mod" 23 | ]; 24 | kernelModules = [ ]; 25 | }; 26 | kernelModules = [ "kvm-intel" ]; # or "kvm-amd" for AMD hosts 27 | extraModulePackages = [ ]; 28 | }; 29 | 30 | # Filesystem configuration - EXAMPLE FOR SINGLE DISK VM 31 | # Replace UUIDs with your actual values from `blkid` 32 | fileSystems."/" = { 33 | device = "/dev/disk/by-uuid/REPLACE-WITH-YOUR-ROOT-UUID"; 34 | fsType = "ext4"; 35 | options = [ "noatime" "discard" ]; # Optimizations for VMs 36 | }; 37 | 38 | # Boot partition (if using UEFI) 39 | fileSystems."/boot" = { 40 | device = "/dev/disk/by-uuid/REPLACE-WITH-YOUR-BOOT-UUID"; 41 | fsType = "vfat"; 42 | }; 43 | 44 | # Swap (optional for VMs) 45 | swapDevices = [ 46 | # { device = "/dev/disk/by-uuid/REPLACE-WITH-YOUR-SWAP-UUID"; } 47 | ]; 48 | 49 | # 
Alternative: Use a swap file instead 50 | # swapDevices = [ 51 | # { device = "/swapfile"; size = 2048; } # 2GB swap file 52 | # ]; 53 | 54 | # Network hardware 55 | networking.useDHCP = lib.mkDefault true; 56 | 57 | # Common QEMU network interface names 58 | # Uncomment the one that matches your VM 59 | # networking.interfaces.enp0s3.useDHCP = lib.mkDefault true; # NAT 60 | # networking.interfaces.enp0s8.useDHCP = lib.mkDefault true; # Host-only 61 | # networking.interfaces.ens3.useDHCP = lib.mkDefault true; # Alternative naming 62 | 63 | # Platform 64 | nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; 65 | 66 | # VM-specific hardware options 67 | hardware = { 68 | # CPU microcode (adjust based on host CPU) 69 | cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; 70 | # cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; 71 | 72 | # Enable firmware 73 | enableRedistributableFirmware = true; 74 | }; 75 | 76 | # VM-specific boot loader options (merged with above boot configuration) 77 | boot.loader = { 78 | grub = { 79 | enable = true; 80 | device = "/dev/vda"; # Adjust if using different disk naming 81 | # For UEFI VMs, use: 82 | # efiSupport = true; 83 | # device = "nodev"; 84 | }; 85 | 86 | # Explicitly disable systemd-boot to avoid conflicts 87 | systemd-boot.enable = lib.mkForce false; 88 | }; 89 | } 90 | -------------------------------------------------------------------------------- /hosts/example-server/hardware-configuration.nix: -------------------------------------------------------------------------------- 1 | # Hardware configuration for example-server 2 | # This file is typically generated by nixos-generate-config 3 | # Replace this with your actual hardware configuration 4 | 5 | { config, lib, modulesPath, ... 
}: 6 | 7 | { 8 | imports = [ 9 | (modulesPath + "/installer/scan/not-detected.nix") 10 | ]; 11 | 12 | # Example server hardware configuration - REPLACE WITH YOUR ACTUAL CONFIG 13 | boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "sd_mod" ]; 14 | boot.initrd.kernelModules = [ ]; 15 | boot.kernelModules = [ "kvm-intel" ]; # or "kvm-amd" for AMD 16 | boot.extraModulePackages = [ ]; 17 | 18 | # Filesystem configuration - EXAMPLE ONLY 19 | fileSystems."/" = 20 | { 21 | device = "/dev/disk/by-uuid/YOUR-ROOT-UUID"; 22 | fsType = "ext4"; 23 | options = [ "noatime" ]; # Performance optimization 24 | }; 25 | 26 | fileSystems."/boot" = 27 | { 28 | device = "/dev/disk/by-uuid/YOUR-BOOT-UUID"; 29 | fsType = "vfat"; 30 | }; 31 | 32 | # Data partition (optional for servers) 33 | fileSystems."/data" = 34 | { 35 | device = "/dev/disk/by-uuid/YOUR-DATA-UUID"; 36 | fsType = "ext4"; 37 | options = [ "noatime" "user_xattr" ]; 38 | }; 39 | 40 | # Swap configuration - Consider size based on RAM and workload 41 | swapDevices = [ 42 | { device = "/dev/disk/by-uuid/YOUR-SWAP-UUID"; } 43 | ]; 44 | 45 | # Network hardware 46 | networking.useDHCP = lib.mkDefault true; 47 | # For static IP configuration: 48 | # networking.interfaces.enp3s0.ipv4.addresses = [ { 49 | # address = "192.168.1.100"; 50 | # prefixLength = 24; 51 | # } ]; 52 | # networking.defaultGateway = "192.168.1.1"; 53 | # networking.nameservers = [ "8.8.8.8" "1.1.1.1" ]; 54 | 55 | nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; 56 | 57 | # Hardware specific options for servers 58 | hardware = { 59 | # CPU microcode (adjust based on your CPU) 60 | cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; 61 | # cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; 62 | 63 | # Enable firmware 64 | enableRedistributableFirmware = true; 65 | }; 66 | 67 | # Server-specific boot options 68 | boot = { 69 | # Use GRUB for servers (better 
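compatibility)
    loader.grub = {
      enable = true;
      device = "/dev/sda"; # Adjust for your primary disk
    };

    # Server kernel optimizations
    kernel.sysctl = {
      # Increase file descriptor limits
      "fs.file-max" = 2097152;

      # Network buffer sizes for high-throughput workloads
      "net.core.rmem_max" = 268435456;
      "net.core.wmem_max" = 268435456;

      # Memory management for servers
      "vm.swappiness" = 10;
      "vm.dirty_ratio" = 15;
    };
  };
}
--------------------------------------------------------------------------------
/vm-test-config/secrets.nix:
--------------------------------------------------------------------------------
# Example agenix secrets configuration for desktop host
#
# Each entry names an encrypted .age file plus the owner, group and mode that
# the decrypted copy gets on the running system. The `file` paths are relative
# to this file: vm-test-config/ sits directly under the repository root, so
# the secrets directory is one level up (../secrets), not two.
{ config, ... }:

{
  # Enable agenix secrets management
  modules.security.agenix = {
    enable = true;

    # Desktop-specific secrets
    secrets = {
      # User password
      # Consumed below through hashedPasswordFile, so the decrypted content
      # must be a password hash, never the clear-text password.
      "user-password" = {
        file = ../secrets/user-password.age;
        owner = "root";
        group = "root";
        mode = "0400";
      };

      # WiFi network password
      # NOTE(review): the decrypted file is owned by "networkmanager" and is
      # group-readable, while the consumer below is networking.wireless;
      # confirm that this account exists on the host and that the service
      # reading the file runs with matching credentials.
      "wifi-password" = {
        file = ../secrets/wifi-password.age;
        owner = "networkmanager";
        group = "networkmanager";
        mode = "0440";
      };

      # SSH private key for user
      # Decrypted straight to the user's default key path; anything already at
      # that path is presumably replaced - confirm before enabling on a
      # machine that has its own key.
      "ssh-private-key" = {
        file = ../secrets/ssh-private-key.age;
        owner = "user";
        group = "users";
        mode = "0400";
        path = "/home/user/.ssh/id_ed25519";
      };

      # Email configuration
      "email-password" = {
        file = ../secrets/email-password.age;
        owner = "user";
        group = "users";
        mode = "0400";
      };

      # Development secrets
      "github-token" = {
        file = ../secrets/github-token.age;
        owner = "user";
        group = "users";
        mode = "0400";
      };

      # VPN configuration
      "vpn-config" = {
        file = ../secrets/vpn-config.age;
        owner = "root";
        group = "root";
        mode = "0400";
        path = "/etc/openvpn/client.conf";
      };

      # Backup encryption key
      "restic-password" = {
        file = ../secrets/restic-password.age;
        owner = "backup";
        group = "backup";
        mode = "0400";
      };
    };
  };

  # Use secrets in system configuration
  users.users.user = {
    hashedPasswordFile = config.age.secrets."user-password".path;
  };

  # WiFi network with secret password
  # NOTE(review): confirm that `pskFile` is an option of
  # networking.wireless.networks.<name> in the nixpkgs release in use.
  networking.wireless = {
    enable = true;
    networks = {
      "MyHomeWiFi" = {
        pskFile = config.age.secrets."wifi-password".path;
      };
    };
  };

  # Backup service using encrypted password
  # NOTE(review): no user is set for this backup job. If it runs as root, the
  # dedicated "backup" account below is never used; if it is meant to run as
  # "backup", that account also needs read access to /home/user.
  services.restic.backups.home = {
    enable = true;
    passwordFile = config.age.secrets."restic-password".path;
    repository = "rest:https://backup.example.com/";
    paths = [ "/home/user" ];
    timerConfig = {
      OnCalendar = "daily";
    };
  };

  # Create backup user for restic
  users.users.backup = {
    isSystemUser = true;
    group = "backup";
  };
  users.groups.backup = { };
}
--------------------------------------------------------------------------------
/hosts/virtualbox-vm/home.nix:
--------------------------------------------------------------------------------
{ pkgs, lib, ...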
}: 2 | 3 | { 4 | # User-specific packages for VirtualBox VM 5 | home.packages = with pkgs; [ 6 | # Desktop applications 7 | firefox 8 | libreoffice 9 | 10 | # File management 11 | xfce.thunar 12 | xfce.thunar-volman 13 | 14 | # Text editors 15 | gedit 16 | mousepad 17 | 18 | # Media 19 | vlc 20 | 21 | # Development tools 22 | vscode 23 | git 24 | 25 | # Utilities 26 | htop 27 | neofetch 28 | ]; 29 | 30 | # Program configurations 31 | programs = { 32 | # Git configuration 33 | git = { 34 | enable = true; 35 | userName = lib.mkDefault "VirtualBox User"; 36 | userEmail = lib.mkDefault "vbox-user@example.com"; 37 | }; 38 | 39 | # Shell configuration 40 | bash = { 41 | enable = true; 42 | shellAliases = { 43 | ll = "ls -la"; 44 | la = "ls -la"; 45 | l = "ls -l"; 46 | cls = "clear"; 47 | ".." = "cd .."; 48 | }; 49 | }; 50 | 51 | # Firefox configuration for VM 52 | firefox = { 53 | enable = true; 54 | profiles.default = { 55 | name = "Default"; 56 | isDefault = true; 57 | 58 | settings = { 59 | # Performance optimizations for VMs 60 | "gfx.webrender.enabled" = false; # Disable for VM compatibility 61 | "layers.acceleration.disabled" = true; 62 | 63 | # Privacy settings 64 | "browser.startup.homepage" = "about:blank"; 65 | "browser.newtabpage.enabled" = false; 66 | 67 | # Disable unnecessary features in VMs 68 | "geo.enabled" = false; 69 | "media.navigator.enabled" = false; 70 | }; 71 | }; 72 | }; 73 | 74 | # XDG configuration 75 | xdg = { 76 | enable = true; 77 | 78 | # Default applications 79 | mimeApps.defaultApplications = { 80 | "text/plain" = [ "mousepad.desktop" ]; 81 | "text/html" = [ "firefox.desktop" ]; 82 | "application/pdf" = [ "firefox.desktop" ]; 83 | }; 84 | }; 85 | 86 | # Desktop environment specific settings 87 | dconf.settings = { 88 | "org/xfce/desktop" = { 89 | backdrop = { 90 | screen0 = { 91 | monitor0 = { 92 | workspace0 = { 93 | last-image = "${pkgs.xfce.xfce4-artwork}/share/pixmaps/xfce-blue.jpg"; 94 | }; 95 | }; 96 | }; 97 | }; 98 | }; 99 | }; 100 
| }; 101 | 102 | # Services 103 | services = { 104 | # Redshift for eye strain 105 | redshift = { 106 | enable = true; 107 | latitude = 40.0; # Adjust to your location 108 | longitude = -74.0; # Adjust to your location 109 | }; 110 | }; 111 | 112 | # Home Manager state version 113 | home.stateVersion = "25.05"; 114 | } 115 |
--------------------------------------------------------------------------------
/hosts/example-desktop/secrets.nix:
--------------------------------------------------------------------------------
# Example agenix secrets wiring for a desktop host.
# Each entry names an encrypted file plus the owner/group/mode its decrypted
# copy should get; the options further down read the decrypted paths.
{ config, ... }:

let
  # Path of the decrypted copy of a declared secret.
  decrypted = name: config.age.secrets.${name}.path;

  # Ownership presets shared by several entries below.
  rootOnly = { owner = "root"; group = "root"; mode = "0400"; };
  userOnly = { owner = "user"; group = "users"; mode = "0400"; };
in
{
  modules.security.agenix = {
    enable = true;

    secrets = {
      # Login password for `user`. It is consumed through hashedPasswordFile
      # below, so the encrypted file has to hold a password hash, not the
      # plaintext password.
      "user-password" = rootOnly // {
        file = ../../secrets/user-password.age;
      };

      # WiFi pre-shared key. This is the only entry that is group-readable.
      # NOTE(review): the consumer below is networking.wireless, not
      # NetworkManager - confirm a `networkmanager` user exists on the host
      # and that group read access is actually needed.
      "wifi-password" = {
        file = ../../secrets/wifi-password.age;
        owner = "networkmanager";
        group = "networkmanager";
        mode = "0440";
      };

      # SSH private key, exposed at the user's default identity path.
      "ssh-private-key" = userOnly // {
        file = ../../secrets/ssh-private-key.age;
        path = "/home/user/.ssh/id_ed25519";
      };

      # Mail account password.
      "email-password" = userOnly // {
        file = ../../secrets/email-password.age;
      };

      # GitHub token for development use.
      "github-token" = userOnly // {
        file = ../../secrets/github-token.age;
      };

      # OpenVPN client configuration, exposed at a fixed path under /etc.
      "vpn-config" = rootOnly // {
        file = ../../secrets/vpn-config.age;
        path = "/etc/openvpn/client.conf";
      };

      # Password that encrypts the restic repository.
      "restic-password" = {
        file = ../../secrets/restic-password.age;
        owner = "backup";
        group = "backup";
        mode = "0400";
      };
    };
  };

  # Account password comes from the decrypted hash file.
  users.users.user.hashedPasswordFile = decrypted "user-password";

  # Wireless network whose key is read from the decrypted secret.
  # NOTE(review): confirm `pskFile` is an option of
  # networking.wireless.networks.<name> in the nixpkgs release in use.
  networking.wireless = {
    enable = true;
    networks."MyHomeWiFi".pskFile = decrypted "wifi-password";
  };

  # Daily restic backup of /home/user; the repository URL is a placeholder.
  # NOTE(review): the job sets no `user`, so it presumably runs as the restic
  # module's default account rather than `backup` - confirm that account can
  # read a 0400 file owned by backup.
  services.restic.backups.home = {
    enable = true;
    passwordFile = decrypted "restic-password";
    repository = "rest:https://backup.example.com/";
    paths = [ "/home/user" ];
    timerConfig.OnCalendar = "daily";
  };

  # System account and group that own the restic password file.
  users.users.backup = {
    isSystemUser = true;
    group = "backup";
  };
  users.groups.backup = { };
}
--------------------------------------------------------------------------------
/hosts/desktop-test/hardware-configuration.nix:
--------------------------------------------------------------------------------
1 | # Hardware configuration for QEMU/KVM virtual machine 2 | # This file is typically generated by nixos-generate-config 3 | # This is a template - replace with your actual VM hardware configuration 4 | 5 | { config, lib, modulesPath, ... 
}: 6 | 7 | { 8 | imports = [ 9 | (modulesPath + "/profiles/qemu-guest.nix") 10 | ]; 11 | 12 | # VM hardware configuration 13 | boot = { 14 | initrd = { 15 | availableKernelModules = [ 16 | "virtio_pci" 17 | "virtio_scsi" 18 | "virtio_blk" 19 | "virtio_net" 20 | "ahci" 21 | "xhci_pci" 22 | "sr_mod" 23 | ]; 24 | kernelModules = [ ]; 25 | }; 26 | kernelModules = [ ]; # Disabled kvm modules to prevent VMX/SVM errors in nested virtualization 27 | extraModulePackages = [ ]; 28 | }; 29 | 30 | # Filesystem configuration - EXAMPLE FOR SINGLE DISK VM 31 | # Replace UUIDs with your actual values from `blkid` 32 | fileSystems."/" = { 33 | device = "/dev/disk/by-uuid/REPLACE-WITH-YOUR-ROOT-UUID"; 34 | fsType = "ext4"; 35 | options = [ "noatime" "discard" ]; # Optimizations for VMs 36 | }; 37 | 38 | # Boot partition (if using UEFI) 39 | fileSystems."/boot" = { 40 | device = "/dev/disk/by-uuid/REPLACE-WITH-YOUR-BOOT-UUID"; 41 | fsType = "vfat"; 42 | }; 43 | 44 | # Swap (optional for VMs) 45 | swapDevices = [ 46 | # { device = "/dev/disk/by-uuid/REPLACE-WITH-YOUR-SWAP-UUID"; } 47 | ]; 48 | 49 | # Alternative: Use a swap file instead 50 | # swapDevices = [ 51 | # { device = "/swapfile"; size = 2048; } # 2GB swap file 52 | # ]; 53 | 54 | # Network hardware 55 | networking.useDHCP = lib.mkDefault true; 56 | 57 | # Common QEMU network interface names 58 | # Uncomment the one that matches your VM 59 | # networking.interfaces.enp0s3.useDHCP = lib.mkDefault true; # NAT 60 | # networking.interfaces.enp0s8.useDHCP = lib.mkDefault true; # Host-only 61 | # networking.interfaces.ens3.useDHCP = lib.mkDefault true; # Alternative naming 62 | 63 | # Platform 64 | nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; 65 | 66 | # VM-specific hardware options 67 | hardware = { 68 | # CPU microcode (adjust based on host CPU) 69 | cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; 70 | # cpu.amd.updateMicrocode = lib.mkDefault 
config.hardware.enableRedistributableFirmware; 71 | 72 | # Enable firmware 73 | enableRedistributableFirmware = true; 74 | }; 75 | 76 | # VM-specific boot loader options (merged with above boot configuration) 77 | boot.loader = { 78 | grub = { 79 | enable = true; 80 | device = "/dev/vda"; # Adjust if using different disk naming 81 | # For UEFI VMs, use: 82 | # efiSupport = true; 83 | # device = "nodev"; 84 | }; 85 | 86 | # Explicitly disable systemd-boot to avoid conflicts 87 | systemd-boot.enable = lib.mkForce false; 88 | }; 89 | } 90 | -------------------------------------------------------------------------------- /secrets/keys/README.md: -------------------------------------------------------------------------------- 1 | # Agenix Keys Directory 2 | 3 | This directory contains age public keys for users and systems that can decrypt secrets. 4 | 5 | ## Key Types 6 | 7 | ### User Keys 8 | 9 | Personal age keys for individual users. These are typically generated from SSH keys or created specifically for secrets management. 10 | 11 | ### System Keys 12 | 13 | Age keys derived from SSH host keys of systems/hosts that need access to secrets. 
14 | 15 | ## Key Management 16 | 17 | ### Generating User Keys 18 | 19 | **From SSH Key**: 20 | 21 | ```bash 22 | # Convert SSH public key to age public key 23 | ssh-to-age < ~/.ssh/id_ed25519.pub 24 | 25 | # Or with explicit conversion 26 | nix-shell -p ssh-to-age --run "ssh-to-age < ~/.ssh/id_ed25519.pub" 27 | ``` 28 | 29 | **Direct Age Key Generation**: 30 | 31 | ```bash 32 | # Generate a new age key pair 33 | age-keygen -o user-key.txt 34 | # The public key is printed to the terminal 35 | # user-key.txt holds the private key: store it securely and keep it out of this repository 36 | ``` 37 | 38 | ### Generating System Keys 39 | 40 | **From SSH Host Keys**: 41 | 42 | ```bash 43 | # On the target system 44 | sudo ssh-to-age < /etc/ssh/ssh_host_ed25519_key.pub 45 | 46 | # Or remotely 47 | ssh root@hostname 'cat /etc/ssh/ssh_host_ed25519_key.pub' | ssh-to-age 48 | ``` 49 | 50 | ### Key Storage 51 | 52 | **Public Keys** (safe to commit): 53 | 54 | - Store in this `keys/` directory 55 | - Include in `secrets.nix` configuration 56 | - Can be shared publicly 57 | 58 | **Private Keys** (NEVER commit): 59 | 60 | - Store securely on local systems only 61 | - Use proper file permissions (600) 62 | - Consider hardware security modules 63 | 64 | ## Directory Structure 65 | 66 | ``` 67 | keys/ 68 | ├── users/ 69 | │ ├── alice.pub # User public keys 70 | │ ├── bob.pub 71 | │ └── admin.pub 72 | ├── systems/ 73 | │ ├── laptop.pub # System public keys 74 | │ ├── server.pub 75 | │ └── desktop.pub 76 | └── README.md # This file 77 | ``` 78 | 79 | ## Usage in secrets.nix 80 | 81 | Reference keys in your secrets configuration: 82 | 83 | ```nix 84 | let 85 | users = { 86 | alice = "age1xyz..."; # Content of keys/users/alice.pub 87 | bob = "age1abc..."; # Content of keys/users/bob.pub 88 | }; 89 | 90 | systems = { 91 | laptop = "age1host123..."; # Content of keys/systems/laptop.pub 92 | server = "age1host456..."; # Content of keys/systems/server.pub 93 | }; 94 | in 95 | { 96 | "my-secret.age".publicKeys = [ users.alice systems.laptop ]; 97 | } 
98 | ``` 99 | 100 | ## Security Notes 101 | 102 | 1. **Public Key Distribution**: Public keys can be safely committed to git 103 | 1. **Private Key Security**: Never commit private keys to version control 104 | 1. **Key Rotation**: Regularly rotate keys and re-encrypt secrets 105 | 1. **Access Control**: Only include necessary keys for each secret 106 | 1. **Backup**: Maintain secure backups of private keys 107 |
--------------------------------------------------------------------------------
/hosts/qemu-vm/configuration.nix:
--------------------------------------------------------------------------------
{ lib, pkgs, ... }:

{
  imports = [
    ./hardware-configuration.nix # generate with nixos-generate-config
    ../common.nix # configuration shared across hosts
    ../../modules/virtualization/vm-guest.nix # VM guest optimizations
    ../../modules/core # core modules
    ../../modules/development # development tools (optional)
  ];

  networking = {
    hostName = "qemu-vm";

    # Firewall stays enabled; SSH (TCP 22) and ping are the only things let in.
    firewall = {
      enable = true;
      allowedTCPPorts = [ 22 ];
      allowPing = true;
    };
  };

  modules = {
    # VM guest optimizations
    virtualization.vm-guest = {
      enable = true;
      type = "qemu"; # "auto" can be used for auto-detection instead

      optimizations = {
        performance = true;
        graphics = true;
        networking = true;
        storage = true;
      };

      # NOTE(review): clipboard and folderSharing presumably open host<->guest
      # channels - confirm against the vm-guest module before running
      # untrusted code in this guest.
      guestTools = {
        enable = true;
        clipboard = true;
        folderSharing = true;
        timeSync = true;
      };

      serial.enable = true;
    };

    # Development tools (optional, can be disabled for minimal VMs)
    development.git = {
      enable = lib.mkDefault true;
      userName = lib.mkDefault "VM User";
      userEmail = lib.mkDefault "vm-user@example.com";
    };
  };

  # SECURITY: the settings below add up to a single exposure. The account
  # password is the literal "nixos" committed in this file, vm-user is in
  # wheel, wheel gets root through sudo without a prompt, sshd accepts
  # password logins, and TCP 22 is open in the firewall. Anyone who can reach
  # port 22 and knows that password ends up with root. Keep this VM on a NAT
  # or host-only network, or change the password, install SSH keys and turn
  # PasswordAuthentication off before it gets a reachable address.
  users.users.vm-user = {
    isNormalUser = true;
    description = "VM User";
    extraGroups = [ "wheel" "networkmanager" ];
    initialPassword = "nixos"; # change after first login
  };

  # Passwordless sudo for wheel (VM convenience)
  security.sudo.wheelNeedsPassword = false;

  # Home Manager configuration for the user
  home-manager.users.vm-user = import ./home.nix;

  # SSH for remote access (in addition to what the vm-guest module provides)
  services.openssh = {
    enable = true;
    settings = {
      PasswordAuthentication = true; # allowed for initial setup
      PermitRootLogin = "no";
    };
  };

  # System packages beyond what vm-guest provides
  environment.systemPackages = [
    pkgs.cloud-utils # cloud utilities for VM deployment
    pkgs.socat # additional network tool
    pkgs.git
    pkgs.curl
    pkgs.wget
  ];

  # Resize root partition on boot (useful for cloud images)
  boot.growPartition = true;

  # System state version
  system.stateVersion = "25.05";
}
--------------------------------------------------------------------------------
/modules/development/git.nix:
--------------------------------------------------------------------------------
1 | { config, lib, pkgs, ... 
}: 2 | 3 | let 4 | cfg = config.modules.development.git; 5 | in 6 | { 7 | options.modules.development.git = { 8 | enable = lib.mkEnableOption "Git development tools"; 9 | userName = lib.mkOption { 10 | type = lib.types.str; 11 | default = ""; 12 | description = "Global git user name"; 13 | }; 14 | userEmail = lib.mkOption { 15 | type = lib.types.str; 16 | default = ""; 17 | description = "Global git user email"; 18 | }; 19 | signing = { 20 | enable = lib.mkEnableOption "Git commit signing"; 21 | key = lib.mkOption { 22 | type = lib.types.str; 23 | default = ""; 24 | description = "GPG key ID for commit signing"; 25 | }; 26 | }; 27 | }; 28 | 29 | config = lib.mkIf cfg.enable { 30 | programs.git = { 31 | enable = true; 32 | 33 | # Global configuration 34 | config = lib.mkMerge [ 35 | # Basic configuration 36 | { 37 | user = lib.mkIf (cfg.userName != "" && cfg.userEmail != "") { 38 | name = cfg.userName; 39 | email = cfg.userEmail; 40 | }; 41 | 42 | init.defaultBranch = "main"; 43 | 44 | # Better diffs and merges 45 | diff.algorithm = "patience"; 46 | merge.conflictstyle = "diff3"; 47 | 48 | # Push configuration 49 | push.default = "simple"; 50 | push.autoSetupRemote = true; 51 | 52 | # Pull configuration 53 | pull.rebase = true; 54 | 55 | # Color configuration 56 | color.ui = "auto"; 57 | 58 | # Aliases 59 | alias = { 60 | st = "status -s"; 61 | co = "checkout"; 62 | br = "branch"; 63 | ci = "commit"; 64 | unstage = "reset HEAD --"; 65 | last = "log -1 HEAD"; 66 | visual = "!gitk"; 67 | 68 | # Pretty log formats 69 | lg = "log --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit"; 70 | ll = "log --oneline"; 71 | }; 72 | } 73 | 74 | # Signing configuration 75 | (lib.mkIf cfg.signing.enable { 76 | commit.gpgSign = true; 77 | tag.gpgSign = true; 78 | user.signingkey = cfg.signing.key; 79 | }) 80 | ]; 81 | }; 82 | 83 | # Additional Git tools 84 | environment.systemPackages = with pkgs; [ 85 | git-lfs # 
Large file support 86 | gh # GitHub CLI 87 | gitflow # Git Flow extensions 88 | tig # Text-based Git interface 89 | lazygit # Terminal Git UI 90 | gitui # Another terminal Git UI 91 | ]; 92 | 93 | # GPG support for commit signing 94 | programs.gnupg.agent = lib.mkIf cfg.signing.enable { 95 | enable = true; 96 | enableSSHSupport = true; 97 | }; 98 | }; 99 | } 100 |
--------------------------------------------------------------------------------
/hosts/kde-test/configuration.nix:
--------------------------------------------------------------------------------
{ lib, pkgs, ... }:

{
  imports = [
    ./hardware-configuration.nix # generate with nixos-generate-config
    ../common.nix # configuration shared across hosts
    ../../modules/virtualization/vm-guest.nix # VM guest optimizations
    ../../modules/core # core modules
    ../../modules/development # development tools (optional)
  ];

  networking = {
    hostName = "kde-test";

    # Firewall stays enabled; SSH (TCP 22) and ping are the only things let in.
    firewall = {
      enable = true;
      allowedTCPPorts = [ 22 ];
      allowPing = true;
    };
  };

  modules = {
    # VM guest optimizations
    virtualization.vm-guest = {
      enable = true;
      type = "qemu"; # "auto" can be used for auto-detection instead

      optimizations = {
        performance = true;
        graphics = true;
        networking = true;
        storage = true;
      };

      # NOTE(review): clipboard and folderSharing presumably open host<->guest
      # channels - confirm against the vm-guest module before running
      # untrusted code in this guest.
      guestTools = {
        enable = true;
        clipboard = true;
        folderSharing = true;
        timeSync = true;
      };

      serial.enable = true;
    };

    # Development tools (optional, can be disabled for minimal VMs)
    development.git = {
      enable = lib.mkDefault true;
      userName = lib.mkDefault "VM User";
      userEmail = lib.mkDefault "vm-user@example.com";
    };
  };

  # SECURITY: the settings below add up to a single exposure. The account
  # password is the literal "nixos" committed in this file, vm-user is in
  # wheel, wheel gets root through sudo without a prompt, sshd accepts
  # password logins, and TCP 22 is open in the firewall. Anyone who can reach
  # port 22 and knows that password ends up with root. Keep this VM on a NAT
  # or host-only network, or change the password, install SSH keys and turn
  # PasswordAuthentication off before it gets a reachable address.
  users.users.vm-user = {
    isNormalUser = true;
    description = "VM User";
    extraGroups = [ "wheel" "networkmanager" ];
    initialPassword = "nixos"; # change after first login
  };

  # Passwordless sudo for wheel (VM convenience)
  security.sudo.wheelNeedsPassword = false;

  # Home Manager configuration for the user
  home-manager.users.vm-user = import ./home.nix;

  # SSH for remote access (in addition to what the vm-guest module provides)
  services.openssh = {
    enable = true;
    settings = {
      PasswordAuthentication = true; # allowed for initial setup
      PermitRootLogin = "no";
    };
  };

  # System packages beyond what vm-guest provides
  environment.systemPackages = [
    pkgs.cloud-utils # cloud utilities for VM deployment
    pkgs.socat # additional network tool
    pkgs.git
    pkgs.curl
    pkgs.wget
  ];

  # Resize root partition on boot (useful for cloud images)
  boot.growPartition = true;

  # System state version
  system.stateVersion = "25.05";
}
--------------------------------------------------------------------------------
/hosts/desktop-template/home.nix:
--------------------------------------------------------------------------------
1 | # Desktop Template Home Manager Configuration 2 | # Uses shared profiles to reduce duplication 3 | { config, pkgs, ... }: 4 | 5 | { 6 | # Import shared Home Manager profiles 7 | imports = [ 8 | ../../home/profiles/base.nix # Base configuration with git, bash, etc. 
9 | ../../home/profiles/desktop.nix # Desktop applications and GUI tools 10 | ../../home/profiles/development.nix # Development tools and environments 11 | ]; 12 | 13 | # Host-specific user info (overrides base profile defaults) 14 | home = { 15 | username = "user"; 16 | homeDirectory = "/home/user"; 17 | }; 18 | 19 | # Override git configuration with host-specific details 20 | programs.git = { 21 | userName = "Desktop User"; 22 | userEmail = "user@example.com"; 23 | }; 24 | 25 | # Desktop template-specific customizations 26 | home.sessionVariables = { 27 | # Override base profile editor for desktop development 28 | EDITOR = "code"; 29 | BROWSER = "firefox"; 30 | TERMINAL = "gnome-terminal"; 31 | 32 | # Development optimizations 33 | NODE_OPTIONS = "--max-old-space-size=8192"; 34 | 35 | # Graphics/Wayland support 36 | NIXOS_OZONE_WL = "1"; # Enable Wayland for Electron apps 37 | }; 38 | 39 | # Desktop-specific additional packages (extends profile packages) 40 | home.packages = with pkgs; [ 41 | # Advanced development tools (beyond development profile) 42 | jetbrains.idea-community 43 | dbeaver-bin 44 | postman 45 | 46 | # Creative applications (beyond desktop profile) 47 | blender 48 | audacity 49 | obs-studio 50 | krita 51 | darktable 52 | 53 | # Additional communication tools 54 | signal-desktop 55 | slack 56 | 57 | # Gaming tools (beyond desktop profile) 58 | lutris 59 | heroic 60 | steam-run 61 | 62 | # Cloud and sync tools 63 | rclone 64 | syncthing 65 | ]; 66 | 67 | # Enhanced bash configuration for desktop development 68 | programs.bash.shellAliases = { 69 | # Development shortcuts (extends base profile aliases) 70 | "serve" = "python -m http.server 8000"; 71 | "json" = "python -m json.tool"; 72 | 73 | # Docker shortcuts 74 | "dps" = "docker ps"; 75 | "dpa" = "docker ps -a"; 76 | "di" = "docker images"; 77 | "dex" = "docker exec -it"; 78 | 79 | # Desktop integration 80 | "open" = "xdg-open"; 81 | "pbcopy" = "xclip -selection clipboard"; 82 | "pbpaste" = 
"xclip -selection clipboard -o"; 83 | }; 84 | 85 | # Desktop-specific bash enhancements 86 | programs.bash.bashrcExtra = '' 87 | # Development aliases for desktop 88 | alias code='code --enable-features=UseOzonePlatform --ozone-platform=wayland' 89 | 90 | # Quick project navigation 91 | cdp() { 92 | if [ -d "$HOME/Projects/$1" ]; then 93 | cd "$HOME/Projects/$1" 94 | else 95 | echo "Project $1 not found in ~/Projects/" 96 | fi 97 | } 98 | ''; 99 | } 100 | -------------------------------------------------------------------------------- /shell.nix: -------------------------------------------------------------------------------- 1 | { pkgs, ... }: 2 | with pkgs; { 3 | default = mkShell { 4 | name = "nixos-config"; 5 | 6 | buildInputs = [ 7 | # Nix tools 8 | nixpkgs-fmt 9 | nil # Nix LSP 10 | nix-output-monitor # Better nix build output 11 | nix-tree # Visualize Nix dependencies 12 | 13 | # Code quality tools 14 | statix # Nix linter and code analyzer 15 | deadnix # Dead code detection 16 | vulnix # Security vulnerability scanner 17 | 18 | # Build tools 19 | just # Task runner 20 | git 21 | 22 | # Secrets management 23 | sops 24 | ssh-to-pgp 25 | 26 | # Documentation 27 | mdbook 28 | 29 | # System utilities 30 | pciutils 31 | usbutils 32 | 33 | # Development utilities 34 | fd # Better find 35 | ripgrep # Better grep 36 | bat # Better cat 37 | eza # Better ls 38 | fzf # Fuzzy finder 39 | 40 | # Git hooks and automation 41 | pre-commit # Git pre-commit hooks 42 | ]; 43 | 44 | shellHook = '' 45 | echo "NixOS Configuration Development Environment" 46 | echo "" 47 | echo "Basic Commands:" 48 | echo " just switch - Rebuild and switch to new configuration" 49 | echo " just test - Test configuration without switching" 50 | echo " just boot - Build configuration for next boot" 51 | echo " just update - Update flake inputs" 52 | echo "" 53 | echo "Code Quality:" 54 | echo " just validate - Run comprehensive validation (check, lint, format)" 55 | echo " just quality - Full code 
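quality suite (includes security audit)" 56 | echo " just fmt - Format Nix files" 57 | echo " just check - Check flake for errors" 58 | echo " just lint - Lint Nix code with statix" 59 | echo " just dead-code-check - Check for unused code" 60 | echo " just security-audit - Run security vulnerability scan" 61 | echo "" 62 | echo "Desktop Management:" 63 | echo " just list-desktops - Show available desktop environments" 64 | echo " just test-desktop DE - Test specific desktop configuration" 65 | echo " just niri-keys - Show Niri keybindings (if using Niri)" 66 | echo "" 67 | echo "User Templates:" 68 | echo " just list-users - Show available user templates" 69 | echo " just init-user HOST TEMPLATE - Initialize user config from template" 70 | echo " just show-user TEMPLATE - Show template details" 71 | echo "" 72 | echo "Development Setup:" 73 | echo " just dev-setup - Complete development environment setup" 74 | echo " just install-hooks - Install git pre-commit hooks" 75 | echo " just run-hooks - Run hooks on all files" 76 | echo "" 77 | echo "More commands: just --list" 78 | echo "" 79 | 80 | # Check if this is a new setup 81 | if [[ ! -f .git/hooks/pre-commit ]]; then 82 | echo "TIP: Run 'just dev-setup' to configure git hooks and validation" 83 | echo "" 84 | fi 85 | ''; 86 | }; 87 | } 88 |
--------------------------------------------------------------------------------
/modules/presets/workstation.nix:
--------------------------------------------------------------------------------
# Workstation Preset
# High-performance desktop for productivity and development.
# Everything under `config` applies only when modules.presets.enable is set
# and modules.presets.preset is "workstation".
{ config, lib, pkgs, ... }:

let
  cfg = config.modules.presets;
  isWorkstation = cfg.enable && cfg.preset == "workstation";
in

{
  imports = [
    ../core
    ../desktop
    ../hardware/power-management.nix
    ../development
    ../packages/development.nix
    ../packages/desktop-apps.nix
  ];

  config = lib.mkIf isWorkstation {

    # Module configuration
    modules = {
      # Hardware optimization for desktop
      hardware.power-management = lib.mkDefault {
        enable = true;
        profile = "desktop";
        cpuGovernor = "ondemand";
        enableThermalManagement = true;

        desktop = {
          enablePerformanceMode = true;
          disableUsbAutosuspend = true;
        };
      };

      # Desktop environment (preset choice - use lib.mkDefault to allow override)
      desktop = lib.mkDefault {
        audio.enable = true;
        gnome.enable = true;
      };

      # Development environment (preset choice - use lib.mkDefault to allow override)
      development.git.enable = lib.mkDefault true;
    };

    # Essential services (opinionated preset configuration)
    services = {
      # Disable PulseAudio (PipeWire handles audio)
      pulseaudio.enable = lib.mkForce false;

      # Printing support (workstations typically need printing)
      printing.enable = true;

      # Network discovery (helpful for workstations).
      # openFirewall lets Avahi's mDNS traffic through the host firewall, so
      # the machine takes part in discovery on the networks it is attached to;
      # turn it off in the host configuration where that is not wanted.
      avahi = {
        enable = true;
        nssmdns4 = true;
        openFirewall = true;
      };
    };

    # Networking optimized for desktop
    networking = {
      networkmanager.enable = true;
      firewall = {
        enable = true;
        # Common development ports (opinionated for workstation preset).
        # The firewall accepts these from any peer, so a development server
        # listening on a non-loopback address on one of them is reachable
        # from the local network, not only from this machine.
        allowedTCPPorts = [ 3000 8000 8080 ];
      };
    };

    # Performance optimizations (workstation-specific)
    boot.kernelParams = [
      "transparent_hugepage=madvise"
    ];

    # vm.swappiness is a sysctl, not a kernel command-line parameter: listed
    # in kernelParams the kernel does not treat it as a sysctl setting.
    # mkDefault leaves a host free to choose its own value.
    boot.kernel.sysctl."vm.swappiness" = lib.mkDefault 10;

    # Additional workstation-specific packages (core packages provided by shared modules)
    environment.systemPackages = with pkgs; [
      # Workstation-specific additions only
      neofetch
      inkscape
    ];

    # Font configuration (workstation needs good fonts)
    fonts = {
      enableDefaultPackages = true;
      packages = with pkgs; [
        noto-fonts
        noto-fonts-cjk-sans
        noto-fonts-emoji
        liberation_ttf
        fira-code
        fira-code-symbols
      ];
    };

    # User customizations can be applied in the host configuration
    # by simply adding more configuration after the preset import
  };
}
--------------------------------------------------------------------------------
/modules/virtualization/qemu.nix:
--------------------------------------------------------------------------------
1 | { config, lib, pkgs, ... }: 2 | 3 | let 4 | cfg = config.modules.virtualization.qemu; 5 | in 6 | { 7 | options.modules.virtualization.qemu = { 8 | enable = lib.mkEnableOption "QEMU/KVM guest configuration"; 9 | 10 | virtioSupport = lib.mkEnableOption "VirtIO driver support" // { default = true; }; 11 | 12 | spiceSupport = lib.mkEnableOption "SPICE guest tools" // { default = false; }; 13 | 14 | qxlSupport = lib.mkEnableOption "QXL graphics driver" // { default = false; }; 15 | }; 16 | 17 | config = lib.mkIf cfg.enable { 18 | # Enable guest optimizations 19 | modules.virtualization.guest-optimizations = { 20 | enable = true; 21 | qemuGuest = true; 22 | }; 23 | 24 | # Services configuration 25 | services = { 26 | # QEMU guest agent for host communication 27 | qemuGuest.enable = true; 28 | 29 | # SPICE guest tools for better desktop integration 30 | spice-vdagentd.enable = cfg.spiceSupport; 31 | 32 | # QXL graphics driver 33 | xserver = lib.mkIf cfg.qxlSupport { 34 | videoDrivers = [ "qxl" ]; 35 | }; 36 | }; 37 | 38 | # VirtIO drivers for better performance 39 | boot = lib.mkIf cfg.virtioSupport { 40 | initrd = { 41 | availableKernelModules = [ 42 | # VirtIO drivers 43 | "virtio_pci" 44 | "virtio_scsi" 45 | "virtio_blk" 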
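46 | "virtio_net" 47 | "virtio_balloon" 48 | "virtio_console" 49 | "virtio_rng" 50 | ]; 51 | 52 | kernelModules = [ 53 | "virtio_gpu" 54 | ]; 55 | }; 56 | 57 | kernelModules = [ 58 | "kvm" 59 | "kvm_intel" # or kvm_amd 60 | "vfio" 61 | "vfio_pci" 62 | ]; 63 | }; 64 | 65 | # Optimize for QEMU/KVM 66 | environment.systemPackages = with pkgs; [ 67 | # QEMU guest additions 68 | qemu-utils 69 | ] ++ lib.optionals cfg.spiceSupport [ 70 | # SPICE client tools 71 | spice-vdagent 72 | spice-gtk 73 | ]; 74 | 75 | # Network configuration optimized for VMs 76 | networking = { 77 | # Use predictable interface names 78 | usePredictableInterfaceNames = true; 79 | 80 | # DHCP on main interface 81 | interfaces = { 82 | enp0s3.useDHCP = lib.mkDefault true; # Common QEMU interface 83 | ens3.useDHCP = lib.mkDefault true; # Alternative naming 84 | }; 85 | }; 86 | 87 | # Filesystem optimizations for QEMU 88 | fileSystems = { 89 | "/" = { 90 | # Use discard for SSD-backed storage 91 | options = [ "noatime" "discard" ]; 92 | }; 93 | }; 94 | 95 | # Security optimizations for VMs 96 | security = { 97 | # Allow QEMU guest agent 98 | polkit.extraConfig = '' 99 | polkit.addRule(function(action, subject) { 100 | if (action.id == "org.freedesktop.machine1.manage-machines" && 101 | subject.isInGroup("wheel")) { 102 | return polkit.Result.YES; 103 | } 104 | }); 105 | ''; 106 | }; 107 | }; 108 | } 109 |
--------------------------------------------------------------------------------
/.github/workflows/format.yml:
--------------------------------------------------------------------------------
name: Auto Format
on:
  # Disabled auto-formatting to prevent unwanted commits
  # Uncomment the lines below to re-enable:
  # push:
  #   branches: [main, develop]
  workflow_dispatch:
# The job commits and pushes to the branch it ran on, which needs
# contents: write. No step touches pull requests, so that scope is not
# requested.
permissions:
  contents: write
jobs:
  auto-format:
    name: Auto Format Code
    runs-on: ubuntu-latest
    steps:
      # The actions below are referenced by version tag. Tags can be moved by
      # the action's owner, so pinning each `uses:` to a full commit SHA is
      # the stricter choice for a job that holds a write token.
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
      - name: Install Nix
        uses: cachix/install-nix-action@v25
        with:
          nix_path: nixpkgs=channel:nixos-unstable
          extra_nix_config: |
            experimental-features = nix-command flakes
      - name: Install formatting tools
        run: |
          nix profile install nixpkgs#nixpkgs-fmt
          nix profile install nixpkgs#deadnix
          nix profile install nixpkgs#shfmt
      - name: Setup Node.js for markdown formatting
        uses: actions/setup-node@v4
        with:
          node-version: "20"
      # prettier is installed without a version, so every run takes whatever
      # the registry currently serves.
      - name: Install markdown formatter
        run: |
          npm install -g prettier
      - name: Format Nix files
        run: |
          echo "Formatting Nix files..."
          nixpkgs-fmt .
      - name: Remove dead code
        run: |
          echo "Removing dead code..."
          # Use deadnix without --edit to avoid removing required function arguments
          deadnix --fail . && echo "No dead code found" || echo "Dead code detected but not auto-removed to preserve function arguments"
      - name: Format shell scripts
        run: |
          echo "Formatting shell scripts..."
          find . -name "*.sh" -type f -exec shfmt -w -i 2 -bn -ci {} \; || echo "shfmt completed"
      - name: Format markdown files
        run: |
          echo "Formatting markdown files..."
          prettier --write "**/*.md" || echo "Prettier completed"
      - name: Format JSON files
        run: |
          echo "Formatting JSON files..."
          find . -name "*.json" -type f -exec prettier --write {} \; || echo "JSON formatting completed"
      - name: Check for changes
        id: check-changes
        run: |
          if git diff --quiet; then
            echo "No formatting changes needed"
            echo "changes=false" >> "$GITHUB_OUTPUT"
          else
            echo "Formatting changes detected"
            echo "changes=true" >> "$GITHUB_OUTPUT"
          fi
      - name: Commit formatting changes
        if: steps.check-changes.outputs.changes == 'true'
        run: |
          git config --local user.email "action@github.com"
          git config --local user.name "GitHub Action"
          git add .
          git commit -m "Auto-format code [skip ci]" || echo "No changes to commit"
      # Plain git push with the credentials actions/checkout stored for this
      # repository, in place of a third-party action tracked at its mutable
      # `master` branch. GITHUB_REF is read from the environment instead of
      # being expanded into the script text.
      - name: Push changes
        if: steps.check-changes.outputs.changes == 'true'
        run: |
          git push origin "HEAD:${GITHUB_REF}"
--------------------------------------------------------------------------------
/modules/installer/base.nix:
--------------------------------------------------------------------------------
1 | # Base installer configuration 2 | # This module provides common settings for all installer ISOs 3 | 4 | { lib, pkgs, modulesPath, ... }: 5 | 6 | { 7 | imports = [ 8 | "${modulesPath}/installer/cd-dvd/installation-cd-base.nix" 9 | ]; 10 | 11 | # ISO Label and metadata 12 | image = { 13 | fileName = lib.mkDefault "nixos-installer.iso"; 14 | }; 15 | isoImage = { 16 | volumeID = lib.mkDefault "NIXOS_INSTALLER"; 17 | 18 | # Modern boot methods 19 | makeEfiBootable = true; 20 | makeUsbBootable = true; 21 | 22 | # Compression for smaller ISOs 23 | squashfsCompression = "gzip -Xcompression-level 1"; 24 | }; 25 | 26 | # Enable SSH for remote installation 27 | services.openssh = { 28 | enable = true; 29 | settings = { 30 | PermitRootLogin = "yes"; 31 | PasswordAuthentication = true; 32 | }; 33 | }; 34 | 35 | # Set root password for installer (change this!) 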
36 | # Override the default locked password from core/users.nix for installer environments 37 | users.users.root = { 38 | # Use initialPassword for installer - this overrides hashedPassword with higher precedence 39 | initialPassword = lib.mkOverride 50 "nixos"; # Lower number = higher priority than mkDefault (1000) 40 | # Aggressively clear ALL other password options to prevent conflicts 41 | hashedPassword = lib.mkOverride 60 null; 42 | password = lib.mkOverride 60 null; 43 | # Force initialHashedPassword to null to override any system defaults 44 | initialHashedPassword = lib.mkOverride 60 null; 45 | hashedPasswordFile = lib.mkOverride 60 null; 46 | }; 47 | 48 | # Essential packages for installation 49 | environment.systemPackages = with pkgs; [ 50 | # Text editors 51 | nano 52 | vim 53 | 54 | # Network tools 55 | wget 56 | curl 57 | git 58 | 59 | # Disk utilities 60 | gptfdisk 61 | parted 62 | 63 | # System utilities 64 | htop 65 | tree 66 | lsof 67 | 68 | # Hardware detection 69 | pciutils 70 | usbutils 71 | lshw 72 | 73 | # Development tools (for custom configs) 74 | just 75 | nixpkgs-fmt 76 | ]; 77 | 78 | # Network configuration 79 | networking = { 80 | wireless.enable = lib.mkForce false; # Disable wpa_supplicant 81 | networkmanager.enable = true; 82 | useDHCP = lib.mkDefault true; 83 | }; 84 | 85 | # Enable firmware for hardware compatibility 86 | hardware.enableRedistributableFirmware = true; 87 | 88 | # Enable flakes in installer 89 | nix = { 90 | settings = { 91 | experimental-features = [ "nix-command" "flakes" ]; 92 | trusted-users = [ "root" ]; 93 | }; 94 | 95 | # Include this configuration in the installer 96 | nixPath = [ 97 | "nixpkgs=${pkgs.path}" 98 | "nixos-config=/etc/nixos/configuration.nix" 99 | ]; 100 | }; 101 | 102 | # Console configuration 103 | console = { 104 | font = "Lat2-Terminus16"; 105 | keyMap = lib.mkDefault "us"; 106 | }; 107 | 108 | # Locale settings 109 | i18n.defaultLocale = lib.mkDefault "en_US.UTF-8"; 110 | time.timeZone = 
lib.mkDefault "UTC"; 111 | 112 | # System version (will be set by specific ISO configs) 113 | system.stateVersion = "25.05"; 114 | } 115 | -------------------------------------------------------------------------------- /home/users/minimal.nix: -------------------------------------------------------------------------------- 1 | { config, pkgs, ... }: 2 | 3 | { 4 | # Minimal Home Manager configuration for lightweight systems 5 | 6 | # User information 7 | home = { 8 | username = "minimal"; 9 | homeDirectory = "/home/minimal"; 10 | stateVersion = "25.05"; 11 | }; 12 | 13 | # Program configurations 14 | programs = { 15 | # Let Home Manager manage itself 16 | home-manager.enable = true; 17 | 18 | # Minimal Git configuration 19 | git = { 20 | enable = true; 21 | userName = "Minimal User"; 22 | userEmail = "minimal@example.com"; 23 | 24 | extraConfig = { 25 | init.defaultBranch = "main"; 26 | pull.rebase = true; 27 | core.editor = "nano"; 28 | }; 29 | }; 30 | 31 | # Lightweight shell configuration 32 | bash = { 33 | enable = true; 34 | 35 | shellAliases = { 36 | ll = "ls -l"; 37 | la = "ls -la"; 38 | l = "ls"; 39 | ".." = "cd .."; 40 | "..." 
= "cd ../.."; 41 | 42 | # Essential shortcuts 43 | h = "history"; 44 | c = "clear"; 45 | e = "nano"; 46 | 47 | # NixOS essentials 48 | rebuild = "sudo nixos-rebuild switch --flake ."; 49 | }; 50 | 51 | bashrcExtra = '' 52 | # Simple prompt 53 | export PS1="\u@\h:\w\$ " 54 | 55 | # Basic history settings 56 | export HISTSIZE=1000 57 | export HISTFILESIZE=2000 58 | ''; 59 | }; 60 | 61 | # Basic file operations 62 | bat = { 63 | enable = true; 64 | config.theme = "base16"; 65 | }; 66 | 67 | # Essential for file finding 68 | fd.enable = true; 69 | 70 | # Essential for text search 71 | ripgrep.enable = true; 72 | 73 | # Basic system monitoring 74 | htop.enable = true; 75 | 76 | # SSH for remote access 77 | ssh = { 78 | enable = true; 79 | 80 | matchBlocks = { 81 | "server" = { 82 | hostname = "server.example.com"; 83 | user = "minimal"; 84 | }; 85 | }; 86 | }; 87 | }; 88 | 89 | # Minimal package set - only essentials 90 | home.packages = with pkgs; [ 91 | # Text editors 92 | nano 93 | vim 94 | 95 | # File operations 96 | file 97 | tree 98 | 99 | # Archive handling 100 | unzip 101 | 102 | # Network essentials 103 | curl 104 | wget 105 | 106 | # System information 107 | lshw 108 | 109 | # Process management 110 | killall 111 | 112 | # Text processing 113 | grep 114 | sed 115 | awk 116 | 117 | # Basic development 118 | git 119 | ]; 120 | 121 | # Minimal XDG directories 122 | xdg = { 123 | enable = true; 124 | 125 | userDirs = { 126 | enable = true; 127 | createDirectories = true; 128 | }; 129 | }; 130 | 131 | # Essential environment variables 132 | home.sessionVariables = { 133 | EDITOR = "nano"; 134 | PAGER = "less"; 135 | }; 136 | 137 | # Minimal file management 138 | home.file = { 139 | ".vimrc".text = '' 140 | " Minimal vim configuration 141 | set nocompatible 142 | syntax on 143 | set number 144 | set tabstop=2 145 | set shiftwidth=2 146 | set expandtab 147 | set autoindent 148 | ''; 149 | }; 150 | } 151 | 
-------------------------------------------------------------------------------- /hosts/desktop-template/configuration.nix: -------------------------------------------------------------------------------- 1 | # Desktop Configuration Template - Simplified 2 | # Uses the profile system instead of duplicating packages 3 | { config, lib, pkgs, ... }: 4 | 5 | { 6 | imports = [ 7 | ./hardware-configuration.nix 8 | ../common.nix 9 | ../../modules/core 10 | ../../modules/desktop 11 | ../../modules/hardware/power-management.nix 12 | ../../modules/gaming 13 | ../../modules/development 14 | ../../modules/profiles/workstation.nix # Contains all the packages and common configs 15 | ]; 16 | 17 | # System identification 18 | systemId = { 19 | baseName = "desktop-template"; 20 | profile = "workstation"; 21 | description = "Desktop template for workstation environments"; 22 | environment = "development"; 23 | tags = [ "template" "desktop" ]; 24 | }; 25 | 26 | # Module configuration 27 | modules = { 28 | # Hardware profile for desktop 29 | hardware.power-management = { 30 | enable = true; 31 | profile = "desktop"; 32 | cpuGovernor = "ondemand"; 33 | enableThermalManagement = true; 34 | 35 | desktop = { 36 | enablePerformanceMode = true; 37 | disableUsbAutosuspend = true; 38 | }; 39 | }; 40 | 41 | # Full-featured desktop environment 42 | desktop = { 43 | audio.enable = true; 44 | gnome.enable = true; 45 | }; 46 | 47 | # Gaming support 48 | gaming = { 49 | steam = { 50 | enable = true; 51 | performance.gamemode = true; 52 | performance.mangohud = true; 53 | }; 54 | }; 55 | 56 | # Development tools 57 | development = { 58 | git = { 59 | enable = true; 60 | userName = "Desktop User"; 61 | userEmail = "user@example.com"; 62 | }; 63 | }; 64 | }; 65 | 66 | # Zero-configuration hardware optimization 67 | hardware.autoOptimization = { 68 | enable = true; 69 | debug = true; 70 | detection = { 71 | enableMemoryOptimization = true; 72 | enableCpuOptimization = true; 73 | enableGpuOptimization = 
true;
      enableStorageOptimization = true;
      enablePlatformOptimization = true;
    };
  };

  # Network configuration
  networking = {
    networkmanager.enable = true;
    firewall = {
      enable = true;
      # NOTE(review): sshd is the only listener enabled in this file, yet 80, 443
      # and 8080 are opened as well - presumably for services from the imported
      # modules or ad-hoc dev servers. Trim the list to the ports a host built
      # from this template actually serves.
      allowedTCPPorts = [ 22 80 443 8080 ];
    };
    interfaces.enp0s31f6.wakeOnLan.enable = true;
  };

  # Services - only host-specific configurations
  services = {
    pulseaudio.enable = false; # Using PipeWire from desktop module
    openssh = {
      enable = true;
      settings = {
        # Key-only logins, no direct root login.
        PasswordAuthentication = false;
        PermitRootLogin = "no";
        # NOTE(review): mkForce overrides whatever the shared modules set for
        # X11Forwarding (presumably they turn it off - verify); keep it only if
        # forwarding is really needed on hosts built from this template.
        X11Forwarding = lib.mkForce true;
      };
    };
    displayManager.autoLogin.enable = false;
    ntp.enable = true;
  };

  # Use latest kernel for best hardware support
  boot.kernelPackages = pkgs.linuxPackages_latest;

  # Home Manager integration - simplified
  home-manager.users.user = import ./home.nix;

  # System maintenance
  system = {
    # Weekly unattended upgrades; never reboots on its own.
    autoUpgrade = {
      enable = true;
      allowReboot = false;
      dates = "weekly";
    };
    stateVersion = "25.05";
  };
}

--------------------------------------------------------------------------------
/hosts/virtualbox-vm/configuration.nix:
--------------------------------------------------------------------------------
{ config, lib, pkgs, ... }:

{
  imports = [
    # Hardware configuration (generate with nixos-generate-config)
    ./hardware-configuration.nix

    # Common configuration
    ../common.nix

    # VM guest optimizations
    ../../modules/virtualization/vm-guest.nix

    # Core modules
    ../../modules/core

    # Desktop environment (optional)
    ../../modules/desktop
  ];

  # Hostname
  networking.hostName = "virtualbox-vm";

  # Enable VirtualBox VM guest optimizations
  modules.virtualization.vm-guest = {
    enable = true;
    type = "virtualbox";

    optimizations = {
      performance = true;
      graphics = true;
      networking = true;
      storage = true;
    };

    guestTools = {
      enable = true;
      # NOTE(review): clipboard and folder sharing connect the guest to the host
      # session and files; turn them off for guests that run untrusted software.
      clipboard = true;
      folderSharing = true;
      timeSync = true;
    };

    serial = {
      enable = false; # VirtualBox usually doesn't need serial console
    };
  };

  # Users
  users.users.vbox-user = {
    isNormalUser = true;
    description = "VirtualBox VM User";
    extraGroups = [ "wheel" "networkmanager" "vboxsf" ];

    # Set initial password (change after first login)
    # NOTE(review): a literal, publicly known password; it is also readable in
    # the Nix store. With the passwordless sudo below, this account is
    # root-equivalent until the password is changed.
    initialPassword = "nixos";
  };

  # Allow wheel group to sudo without password (VM convenience)
  security.sudo.wheelNeedsPassword = false;

  # Home Manager configuration for the user
  home-manager.users.vbox-user = import ./home.nix;

  # VirtualBox-specific services
  services = {
    # Enable SSH for remote access (optional)
    # NOTE(review): sshd is off by default here (mkDefault false). If a host
    # switches it on, these settings accept password logins while vbox-user still
    # has the known initial password and passwordless sudo - change the password
    # or move to keys before enabling it.
    openssh = {
      enable = lib.mkDefault false; # Usually not needed in desktop VMs
      settings = {
        PasswordAuthentication = true;
        PermitRootLogin = "no";
      };
    };

    # X11 and desktop services
    xserver = {
      enable = lib.mkDefault true;
      displayManager.lightdm.enable = lib.mkDefault true;
      desktopManager.xfce.enable = lib.mkDefault true; # Lightweight for VMs
    };
  };

  # VirtualBox-specific configurations
  virtualisation.virtualbox.guest = {
    enable = true;
    x11 = true; # Enable X11 integration
  };

  # Additional packages for VirtualBox VMs
  environment.systemPackages = with pkgs; [
    # VirtualBox guest additions
    virtualboxGuestAdditions

    # File sharing utilities
    cifs-utils

    # Desktop conveniences
    firefox
    xfce.thunar
    xfce.xfce4-terminal
  ];

  # Enable desktop environment
  modules.desktop = {
    enable = lib.mkDefault true;
    environment = lib.mkDefault "xfce"; # Lightweight for VMs

    audio.enable = true;
    printing.enable = false; # Usually not needed in VMs
  };

  # Firewall configuration
  networking.firewall = {
    enable = true;
    allowPing = true;
    # SSH port if enabled
    # (the list is empty unless services.openssh.enable evaluates to true)
    allowedTCPPorts = lib.optionals config.services.openssh.enable [ 22 ];
  };

  # System state version
  system.stateVersion = "25.05";
}

--------------------------------------------------------------------------------
/docker/templates/desktop-template.nix:
--------------------------------------------------------------------------------
# Desktop Template for VM Builder
# Full desktop environment optimized for VMs
{ config, pkgs, lib, ... }:

{
  imports = [
    # Enable VM optimizations
    # NOTE(review): the list is empty in this listing although the
    # virtualisation.* options set further down need a VM module; entries may
    # have been lost when the page was rendered - verify against the repository.


  ];

  # System configuration
  system.stateVersion = "24.05";

  # Boot configuration for VMs
  boot.loader = {
    systemd-boot.enable = true;
    efi.canTouchEfiVariables = true;
  };

  # VM-optimized kernel
  boot.kernelParams = [
    "elevator=noop"
    "quiet"
    "splash"
  ];

  # Essential system packages
  environment.systemPackages = with pkgs; [
    # System tools
    git
    curl
    wget
    vim
    nano
    htop
    tree
    unzip

    # Desktop applications
    firefox
    thunderbird
    libreoffice
    vlc
    gimp

    # Development tools
    vscode
    docker

    # VM integration
    spice-vdagent
  ];

  # Desktop environment
  services.xserver = {
    enable = true;
    displayManager.gdm.enable = true;
    desktopManager.gnome.enable = true;

    # VM optimizations
    videoDrivers = [ "vmware" "virtualbox" "qxl" ];
  };

  # Enable sound
  hardware.pulseaudio.enable = false;
  security.rtkit.enable = true;
  services.pipewire = {
    enable = true;
    alsa.enable = true;
    alsa.support32Bit = true;
    pulse.enable = true;
  };

  # Networking
  networking = {
    hostName = "nixos-desktop";
    networkmanager.enable = true;
    firewall.enable = true;
  };

  # Users
  # NOTE(review): this account combines a literal, publicly documented password
  # (also readable in the Nix store), wheel with passwordless sudo (below) and
  # graphical auto-login (below), so any access to the VM console or to a login
  # prompt is root access. Membership in "docker" is root-equivalent wherever a
  # Docker daemon runs; this file installs the docker package but does not set
  # virtualisation.docker.enable.
  users.users.nixos = {
    isNormalUser = true;
    description = "NixOS User";
    extraGroups = [ "networkmanager" "wheel" "docker" ];
    password = "nixos"; # Change this in production
  };

  # Enable sudo without password for initial setup
  security.sudo.wheelNeedsPassword = false;

  # VM guest services
  services = {
    qemuGuest.enable = true;
    spice-vdagentd.enable = true;

    # Auto-login for VM convenience
    displayManager.autoLogin = {
      enable = true;
      user = "nixos";
    };
  };

  # Disable services not needed in VMs
  services.smartd.enable = false;
  powerManagement.enable = false;

  # VM-specific optimizations
  virtualisation = {
    diskSize = lib.mkDefault 30720; # 30GB - increased for desktop apps
    memorySize = lib.mkDefault 6144; # 6GB - increased for desktop environment
    cores = lib.mkDefault 4; # More cores for better desktop performance

    # Graphics optimizations
    # NOTE(review): `disable-ticketing` turns off SPICE authentication and no
    # `addr=` is given, so QEMU serves the guest console on TCP 5930 without a
    # password on its default listen address (any address, per the QEMU docs -
    # verify for the QEMU version in use). With auto-login enabled above, a
    # console connection is a logged-in session. Bind it to loopback
    # (`addr=127.0.0.1`) or require a ticket when the host is shared or
    # network-reachable.
    qemu.options = [
      "-vga qxl"
      "-spice port=5930,disable-ticketing"
    ];
  };

  # Enable flakes and new nix command
  nix.settings.experimental-features = [ "nix-command" "flakes" ];

  # Automatic garbage collection
  nix.gc = {
    automatic = true;
    dates = "weekly";
    options = "--delete-older-than 30d";
  };
}

--------------------------------------------------------------------------------
/docs/WINDOWS-QUICK-REFERENCE.md:
--------------------------------------------------------------------------------
# Windows Quick Reference - NixOS VMs

Quick reference for Windows users wanting to try NixOS virtual machines.

## Quick Start (2 Minutes)

### Method 1: Pre-built VMs (Easiest)

```powershell
# 1. Download VirtualBox: https://www.virtualbox.org/
# 2. Get VM: https://github.com/olafkfreund/nixos-template/releases
# 3. Import OVA file in VirtualBox
# 4. Login: nixos / nixos
```

### Method 2: Build with Docker

```powershell
# 1. Install Docker Desktop
# 2.
Build VM 21 | mkdir C:\NixOS-VMs 22 | cd C:\NixOS-VMs 23 | docker run --rm -v "${PWD}:/workspace" olafkfreund/nixos-vm-builder:latest virtualbox --template desktop 24 | ``` 25 | 26 | ## VM Templates 27 | 28 | | Template | Size | Description | Best For | 29 | | --------------- | ---- | ------------- | ----------- | 30 | | **Desktop** | 20GB | GNOME + apps | New users | 31 | | **Gaming** | 80GB | Steam + tools | Gamers | 32 | | **Development** | 60GB | Full dev env | Programmers | 33 | | **Server** | 40GB | CLI only | Servers | 34 | | **Minimal** | 10GB | Basic system | Learning | 35 | 36 | ## VM Platform Support 37 | 38 | | Platform | File Format | Windows Version | 39 | | -------------- | ----------- | --------------- | 40 | | **VirtualBox** | `.ova` | All Windows | 41 | | **Hyper-V** | `.vhdx` | Pro/Enterprise | 42 | | **VMware** | `.vmdk` | All Windows | 43 | | **QEMU** | `.qcow2` | Advanced users | 44 | 45 | ## Common Commands 46 | 47 | ```powershell 48 | # List available templates 49 | docker run --rm olafkfreund/nixos-vm-builder:latest --list-templates 50 | 51 | # Build specific template 52 | docker run --rm -v "${PWD}:/workspace" olafkfreund/nixos-vm-builder:latest [FORMAT] --template [TEMPLATE] 53 | 54 | # Build all formats 55 | docker run --rm -v "${PWD}:/workspace" olafkfreund/nixos-vm-builder:latest all --template desktop 56 | ``` 57 | 58 | ## First Steps in NixOS 59 | 60 | ```bash 61 | # Change password (IMPORTANT!) 
passwd

# Update system
sudo nixos-rebuild switch --upgrade

# Search packages
nix search firefox

# System info
nixos-version
```

## Troubleshooting

| Problem | Solution |
| ---------------- | ----------------------------- |
| VM won't boot | Enable virtualization in BIOS |
| Slow performance | Increase RAM to 4GB+ |
| No internet | Use NAT networking |
| Graphics issues | Install VM guest tools |

## Documentation

- **Complete Guide**: [docs/WINDOWS-HOWTO.md](WINDOWS-HOWTO.md)
- **Docker Details**: [docs/WINDOWS-VM-BUILDER.md](WINDOWS-VM-BUILDER.md)
- **Technical Docs**: [docker/README.md](../docker/README.md)

## Tips

- **Performance**: Allocate 4GB+ RAM for desktop VMs
- **Security**: Change default password immediately
- **Integration**: Use shared folders for file transfer
- **Learning**: Start with Desktop template, try others later
- **Support**: Join NixOS Discord for help

---

**Need detailed help?** See [Complete Windows How-To Guide](WINDOWS-HOWTO.md)

**Ready to start?** Download from [Releases](https://github.com/olafkfreund/nixos-template/releases) or build with Docker!

--------------------------------------------------------------------------------
/modules/packages/server-tools.nix:
--------------------------------------------------------------------------------
# Server administration package collection
# Monitoring, networking, security, and system administration tools
#
# NOTE(review): besides installing packages, enabling this module also turns on
# sshd and opens TCP 22 in the firewall (see the end of the file).
{ pkgs, lib, config, ... }:

{
  options.modules.packages.server-tools = {
    enable = lib.mkEnableOption "server administration tools package collection";

    includeMonitoring = lib.mkOption {
      type = lib.types.bool;
      default = true;
      description = "Include system and network monitoring tools";
    };

    includeSecurity = lib.mkOption {
      type = lib.types.bool;
      default = true;
      description = "Include security and audit tools";
    };

    includeBackup = lib.mkOption {
      type = lib.types.bool;
      default = false;
      description = "Include backup and recovery tools";
    };

    includeContainers = lib.mkOption {
      type = lib.types.bool;
      default = false;
      description = "Include container management tools";
    };
  };

  config = lib.mkIf config.modules.packages.server-tools.enable {
    environment.systemPackages = with pkgs; [
      # Essential system tools
      vim
      nano
      curl
      wget

      # File transfer and sync
      rsync
      openssh # provides scp, ssh

      # Process and system analysis
      htop
      lsof
      strace
      ltrace
      sysstat # iostat, mpstat, sar

      # Network utilities
      iproute2 # ss, ip commands
      net-tools # netstat, ifconfig (legacy)
      netcat
      socat
      nmap
      traceroute

      # Text processing
      ripgrep
      fd
      jq
      yq

      # Archive tools
      p7zip
      unrar

      # Terminal multiplexers
      tmux
      screen

      # Log management
      logrotate
      multitail

    ] ++ lib.optionals config.modules.packages.server-tools.includeMonitoring [
      # Advanced monitoring
      btop
      iotop
      nethogs
      iftop
      bandwhich
      ncdu # Disk usage analyzer

      # Network monitoring
      tcpdump
      wireshark-cli # tshark

    ] ++ lib.optionals config.modules.packages.server-tools.includeSecurity [
      # Security tools
      # NOTE(review): this only puts the binaries on PATH; nothing in this module
      # enables or configures a fail2ban service or an nftables ruleset, so the
      # option adds no protection by itself.
      nftables
      fail2ban

      # Certificate management
      certbot

    ] ++ lib.optionals config.modules.packages.server-tools.includeBackup [
      # Backup solutions
      restic
      borgbackup
      rclone

    ] ++ lib.optionals config.modules.packages.server-tools.includeContainers [
      # Container tools
      docker
      docker-compose
      podman
      kubernetes
      kubectl
    ];

    # Server-optimized services
    # Every value is mkDefault, so a host configuration can override it.
    # Defaults: sshd on, key-based logins only, no direct root login.
    services.openssh = {
      enable = lib.mkDefault true;

      settings = {
        PasswordAuthentication = lib.mkDefault false;
        PermitRootLogin = lib.mkDefault "no";
        PubkeyAuthentication = lib.mkDefault true;
        UseDNS = lib.mkDefault false;
      };
    };

    # Security configuration
    security.sudo.enable = lib.mkDefault true;

    # Firewall configuration
    networking.firewall = {
      enable = lib.mkDefault true;
      # NOTE(review): unlike the settings above this is not mkDefault, and list
      # definitions merge, so a host that sets its own allowedTCPPorts still gets
      # 22 added - including hosts that disable sshd. Presumably this should
      # follow services.openssh.enable; confirm.
      allowedTCPPorts = [ 22 ]; # SSH
    };
  };
}

--------------------------------------------------------------------------------
/vm-test-config/home.nix:
--------------------------------------------------------------------------------
{ config, pkgs, ...
}: 2 | 3 | { 4 | # Home Manager configuration for desktop user 5 | 6 | # Import desktop-specific profiles (uncomment the one matching your desktop) 7 | imports = [ 8 | # GNOME Desktop Profile (default) 9 | ../../home/profiles/gnome.nix 10 | 11 | # KDE Desktop Profile 12 | # ../../home/profiles/kde.nix 13 | 14 | # Hyprland Tiling WM Profile 15 | # ../../home/profiles/hyprland.nix 16 | 17 | # Niri Scrollable Tiling WM Profile 18 | # ../../home/profiles/niri.nix 19 | ]; 20 | 21 | # Basic user info 22 | home = { 23 | username = "user"; 24 | homeDirectory = "/home/user"; 25 | stateVersion = "25.05"; 26 | }; 27 | 28 | # Program configurations 29 | programs = { 30 | # Let Home Manager manage itself 31 | home-manager.enable = true; 32 | 33 | # Git configuration 34 | git = { 35 | enable = true; 36 | userName = "Your Name"; 37 | userEmail = "your.email@example.com"; 38 | 39 | extraConfig = { 40 | init.defaultBranch = "main"; 41 | pull.rebase = true; 42 | push.autoSetupRemote = true; 43 | }; 44 | }; 45 | 46 | # Shell configuration 47 | bash = { 48 | enable = true; 49 | 50 | shellAliases = { 51 | ll = "ls -alF"; 52 | la = "ls -A"; 53 | l = "ls -CF"; 54 | ".." = "cd .."; 55 | "..." 
= "cd ../.."; 56 | 57 | # NixOS specific aliases 58 | rebuild = "sudo nixos-rebuild switch --flake ~/nixos-config"; 59 | rebuild-test = "sudo nixos-rebuild test --flake ~/nixos-config"; 60 | update = "nix flake update ~/nixos-config"; 61 | }; 62 | 63 | bashrcExtra = '' 64 | # Custom prompt 65 | export PS1="\[\e[32m\]\u@\h\[\e[m\]:\[\e[34m\]\w\[\e[m\]\$ " 66 | ''; 67 | }; 68 | # Better ls 69 | eza = { 70 | enable = true; 71 | aliases = { 72 | ls = "eza"; 73 | ll = "eza -l"; 74 | la = "eza -la"; 75 | tree = "eza --tree"; 76 | }; 77 | }; 78 | 79 | # Better cat 80 | bat.enable = true; 81 | 82 | # Better find 83 | fd.enable = true; 84 | 85 | # Better grep 86 | ripgrep.enable = true; 87 | 88 | # System monitoring 89 | htop.enable = true; 90 | btop.enable = true; 91 | 92 | # Directory navigation 93 | zoxide.enable = true; 94 | }; 95 | 96 | # User packages 97 | home.packages = with pkgs; [ 98 | # Desktop applications 99 | firefox 100 | thunderbird 101 | libreoffice 102 | 103 | # Media 104 | vlc 105 | gimp 106 | 107 | # Development tools 108 | vscode 109 | 110 | # System utilities 111 | file 112 | which 113 | tree 114 | curl 115 | wget 116 | ]; 117 | 118 | # XDG directories 119 | xdg = { 120 | enable = true; 121 | 122 | userDirs = { 123 | enable = true; 124 | createDirectories = true; 125 | desktop = "${config.home.homeDirectory}/Desktop"; 126 | documents = "${config.home.homeDirectory}/Documents"; 127 | download = "${config.home.homeDirectory}/Downloads"; 128 | music = "${config.home.homeDirectory}/Music"; 129 | pictures = "${config.home.homeDirectory}/Pictures"; 130 | videos = "${config.home.homeDirectory}/Videos"; 131 | }; 132 | }; 133 | 134 | # GTK theme configuration 135 | gtk = { 136 | enable = true; 137 | 138 | theme = { 139 | package = pkgs.adwaita-qt; 140 | name = "Adwaita"; 141 | }; 142 | 143 | iconTheme = { 144 | package = pkgs.adwaita-icon-theme; 145 | name = "Adwaita"; 146 | }; 147 | }; 148 | } 149 | 
-------------------------------------------------------------------------------- /hosts/example-desktop/home-original.nix: -------------------------------------------------------------------------------- 1 | { config, pkgs, ... }: 2 | 3 | { 4 | # Home Manager configuration for desktop user 5 | 6 | # Import desktop-specific profiles (uncomment the one matching your desktop) 7 | imports = [ 8 | # GNOME Desktop Profile (default) 9 | ../../home/profiles/gnome.nix 10 | 11 | # KDE Desktop Profile 12 | # ../../home/profiles/kde.nix 13 | 14 | # Hyprland Tiling WM Profile 15 | # ../../home/profiles/hyprland.nix 16 | 17 | # Niri Scrollable Tiling WM Profile 18 | # ../../home/profiles/niri.nix 19 | ]; 20 | 21 | # Basic user info 22 | home = { 23 | username = "user"; 24 | homeDirectory = "/home/user"; 25 | stateVersion = "25.05"; 26 | }; 27 | 28 | # Programs configuration 29 | programs = { 30 | # Let Home Manager manage itself 31 | home-manager.enable = true; 32 | 33 | # Git configuration 34 | git = { 35 | enable = true; 36 | userName = "Your Name"; 37 | userEmail = "your.email@example.com"; 38 | 39 | extraConfig = { 40 | init.defaultBranch = "main"; 41 | pull.rebase = true; 42 | push.autoSetupRemote = true; 43 | }; 44 | }; 45 | 46 | # Shell configuration 47 | bash = { 48 | enable = true; 49 | 50 | shellAliases = { 51 | ll = "ls -alF"; 52 | la = "ls -A"; 53 | l = "ls -CF"; 54 | ".." = "cd .."; 55 | "..." 
= "cd ../.."; 56 | 57 | # NixOS specific aliases 58 | rebuild = "sudo nixos-rebuild switch --flake ~/nixos-config"; 59 | rebuild-test = "sudo nixos-rebuild test --flake ~/nixos-config"; 60 | update = "nix flake update ~/nixos-config"; 61 | }; 62 | 63 | bashrcExtra = '' 64 | # Custom prompt 65 | export PS1="\[\e[32m\]\u@\h\[\e[m\]:\[\e[34m\]\w\[\e[m\]\$ " 66 | ''; 67 | }; 68 | 69 | # Better ls 70 | eza = { 71 | enable = true; 72 | aliases = { 73 | ls = "eza"; 74 | ll = "eza -l"; 75 | la = "eza -la"; 76 | tree = "eza --tree"; 77 | }; 78 | }; 79 | 80 | # Better cat 81 | bat.enable = true; 82 | 83 | # Better find 84 | fd.enable = true; 85 | 86 | # Better grep 87 | ripgrep.enable = true; 88 | 89 | # System monitoring 90 | htop.enable = true; 91 | btop.enable = true; 92 | 93 | # Directory navigation 94 | zoxide.enable = true; 95 | }; 96 | 97 | # User packages 98 | home.packages = with pkgs; [ 99 | # Desktop applications 100 | firefox 101 | thunderbird 102 | libreoffice 103 | 104 | # Media 105 | vlc 106 | gimp 107 | 108 | # Development tools 109 | vscode 110 | 111 | # System utilities 112 | file 113 | which 114 | tree 115 | curl 116 | wget 117 | ]; 118 | 119 | # XDG directories 120 | xdg = { 121 | enable = true; 122 | 123 | userDirs = { 124 | enable = true; 125 | createDirectories = true; 126 | desktop = "${config.home.homeDirectory}/Desktop"; 127 | documents = "${config.home.homeDirectory}/Documents"; 128 | download = "${config.home.homeDirectory}/Downloads"; 129 | music = "${config.home.homeDirectory}/Music"; 130 | pictures = "${config.home.homeDirectory}/Pictures"; 131 | videos = "${config.home.homeDirectory}/Videos"; 132 | }; 133 | }; 134 | 135 | # GTK theme configuration 136 | gtk = { 137 | enable = true; 138 | 139 | theme = { 140 | package = pkgs.adwaita-qt; 141 | name = "Adwaita"; 142 | }; 143 | 144 | iconTheme = { 145 | package = pkgs.adwaita-icon-theme; 146 | name = "Adwaita"; 147 | }; 148 | }; 149 | } 150 | 
-------------------------------------------------------------------------------- /home/users/user.nix: -------------------------------------------------------------------------------- 1 | { config, ... }: 2 | 3 | { 4 | # Basic Home Manager configuration for default user 5 | 6 | # Import desktop profile (change based on your desktop environment) 7 | 8 | # Basic user information 9 | home = { 10 | username = "user"; 11 | homeDirectory = "/home/user"; 12 | stateVersion = "25.05"; 13 | }; 14 | 15 | # Program configurations 16 | programs = { 17 | # Let Home Manager manage itself 18 | home-manager.enable = true; 19 | 20 | # Git configuration 21 | git = { 22 | enable = true; 23 | userName = "User Name"; 24 | userEmail = "user@example.com"; 25 | 26 | extraConfig = { 27 | init.defaultBranch = "main"; 28 | pull.rebase = true; 29 | push.autoSetupRemote = true; 30 | core.editor = "nano"; 31 | }; 32 | }; 33 | 34 | # Shell configuration 35 | bash = { 36 | enable = true; 37 | 38 | shellAliases = { 39 | ll = "ls -alF"; 40 | la = "ls -A"; 41 | l = "ls -CF"; 42 | ".." = "cd .."; 43 | "..." 
= "cd ../.."; 44 | 45 | # NixOS specific aliases 46 | rebuild = "sudo nixos-rebuild switch --flake ~/nixos-config"; 47 | rebuild-test = "sudo nixos-rebuild test --flake ~/nixos-config"; 48 | update = "nix flake update ~/nixos-config"; 49 | }; 50 | 51 | bashrcExtra = '' 52 | # Custom prompt 53 | export PS1="\[\e[32m\]\u@\h\[\e[m\]:\[\e[34m\]\w\[\e[m\]\$ " 54 | 55 | # History settings 56 | export HISTSIZE=10000 57 | export HISTFILESIZE=20000 58 | export HISTCONTROL=ignoredups:erasedups 59 | ''; 60 | }; 61 | 62 | # Better command line tools 63 | eza = { 64 | enable = true; 65 | aliases = { 66 | ls = "eza"; 67 | ll = "eza -l"; 68 | la = "eza -la"; 69 | tree = "eza --tree"; 70 | }; 71 | }; 72 | 73 | # Better cat 74 | bat.enable = true; 75 | 76 | # Better find 77 | fd.enable = true; 78 | 79 | # Better grep 80 | ripgrep.enable = true; 81 | 82 | # System monitoring 83 | htop.enable = true; 84 | btop.enable = true; 85 | 86 | # Directory navigation 87 | zoxide.enable = true; 88 | 89 | # SSH configuration 90 | ssh = { 91 | enable = true; 92 | 93 | matchBlocks = { 94 | "example-server" = { 95 | hostname = "server.example.com"; 96 | user = "user"; 97 | # identityFile = "~/.ssh/id_ed25519"; 98 | }; 99 | }; 100 | }; 101 | }; 102 | 103 | # Import shared package sets 104 | imports = [ 105 | # Choose your desktop profile 106 | ../profiles/gnome.nix 107 | # ../profiles/kde.nix 108 | # ../profiles/hyprland.nix 109 | # ../profiles/niri.nix 110 | 111 | # Shared package sets 112 | ../packages/core-system.nix 113 | ]; 114 | 115 | # XDG directories 116 | xdg = { 117 | enable = true; 118 | 119 | userDirs = { 120 | enable = true; 121 | createDirectories = true; 122 | desktop = "${config.home.homeDirectory}/Desktop"; 123 | documents = "${config.home.homeDirectory}/Documents"; 124 | download = "${config.home.homeDirectory}/Downloads"; 125 | music = "${config.home.homeDirectory}/Music"; 126 | pictures = "${config.home.homeDirectory}/Pictures"; 127 | videos = 
"${config.home.homeDirectory}/Videos"; 128 | templates = "${config.home.homeDirectory}/Templates"; 129 | publicShare = "${config.home.homeDirectory}/Public"; 130 | }; 131 | }; 132 | 133 | # Environment variables 134 | home.sessionVariables = { 135 | EDITOR = "nano"; 136 | BROWSER = "firefox"; 137 | TERMINAL = "gnome-terminal"; 138 | }; 139 | } 140 | -------------------------------------------------------------------------------- /scripts/rebuild.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # 3 | # NixOS rebuild script with helpful features 4 | # 5 | 6 | set -euo pipefail 7 | 8 | # Colors for output 9 | RED='\033[0;31m' 10 | GREEN='\033[0;32m' 11 | YELLOW='\033[1;33m' 12 | BLUE='\033[0;34m' 13 | NC='\033[0m' # No Color 14 | 15 | # Configuration 16 | FLAKE_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)" 17 | HOSTNAME="${HOSTNAME:-$(hostname)}" 18 | 19 | # Functions 20 | log() { 21 | echo -e "${BLUE}[INFO]${NC} $*" 22 | } 23 | 24 | success() { 25 | echo -e "${GREEN}[SUCCESS]${NC} $*" 26 | } 27 | 28 | warning() { 29 | echo -e "${YELLOW}[WARNING]${NC} $*" 30 | } 31 | 32 | error() { 33 | echo -e "${RED}[ERROR]${NC} $*" >&2 34 | } 35 | 36 | usage() { 37 | cat <